List: linux-kernel
Subject: Re: [RFC][PATCH] scripts with stdin replaced
From: Horst von Brand <vonbrand () sleipnir ! valparaiso ! cl>
Date: 1999-07-12 0:54:06
Ralf Baechle <ralf@uni-koblenz.de> said:
> On Thu, Jul 08, 1999 at 09:02:09PM -0400, Horst von Brand wrote:
[...]
> > I don't want to trust an all-capable Perl interpreter. Not on a system that
> > is important/critical enough to be secured by capabilities. A clean
> > solution is given if the script carries capabilities, the kernel notes this
> > and invokes the interpreter with the capabilities the filesystem grants. In
> > this case it is useless to trick the interpreter.
> As things are right now you can't do this or you'll end up with the same
> security problem as for example SUID scripts on SunOS 4 had.
I know.
> To make things work as you want them a file descriptor to the SUID script
> would have to be passed to the interpreter by binfmt_script and every
> interpreter would have to be changed to take advantage of that. Otherwise
> there is a security hole ...
Right.
--
Horst von Brand vonbrand@sleipnir.valparaiso.cl
Casilla 9G, Viña del Mar, Chile +56 32 672616
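
An added illustration, not part of the original message or of any kernel or interpreter code: it shows why the thread asks for a file descriptor to be handed to the interpreter, since a descriptor stays bound to the file that was checked while the path can be re-pointed before the interpreter opens it. The function names, the temporary directory and the file contents are constructed for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a constructed sample file holding `body`. */
static int write_file(const char *path, const char *body) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, body, strlen(body));
    close(fd);
    return n == (ssize_t)strlen(body) ? 0 : -1;
}

/* 1 if fd and path name the same file (device + inode), 0 if not, -1 on error. */
static int same_file(int fd, const char *path) {
    struct stat a, b;
    if (fstat(fd, &a) < 0 || stat(path, &b) < 0) return -1;
    return a.st_dev == b.st_dev && a.st_ino == b.st_ino;
}

/* Returns 1 if the path stopped naming the checked file; fills both read results. */
int reopen_demo(char *via_fd, char *via_path, size_t n) {
    char dir[] = "/tmp/fdscriptXXXXXX", script[64], other[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(script, sizeof script, "%s/script", dir);
    snprintf(other, sizeof other, "%s/other", dir);
    if (write_file(script, "checked\n") || write_file(other, "swapped\n")) return -1;
    int fd = open(script, O_RDONLY);           /* the open whose result was checked */
    if (fd < 0 || same_file(fd, script) != 1) return -1;
    if (rename(other, script) < 0) return -1;  /* name re-pointed after the check */
    int changed = same_file(fd, script) == 0;
    ssize_t r = read(fd, via_fd, n - 1);       /* interpreter reading the passed fd */
    via_fd[r > 0 ? r : 0] = '\0';
    int pfd = open(script, O_RDONLY);          /* interpreter re-opening by name */
    r = pfd < 0 ? -1 : read(pfd, via_path, n - 1);
    via_path[r > 0 ? r : 0] = '\0';
    if (pfd >= 0) close(pfd);
    close(fd); unlink(script); rmdir(dir);
    return changed;
}

int main(void) {
    char a[32], b[32];
    printf("changed=%d fd=%s path=%s", reopen_demo(a, b, sizeof a), a, b);
    return 0;
}
```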