List:       linux-kernel
Subject:    Re: [RFC][PATCH] scripts with stdin replaced
From:       Richard Guenther <zxmpm11 () student ! uni-tuebingen ! de>
Date:       1999-07-12 16:00:29

On Mon, 12 Jul 1999, Jamie Lokier wrote:

> Richard Guenther wrote:
> > > I don't understand.  Do you have suid scripts in your boot process ?
> > > Or do you mean that you used /proc/self/fd regardless of whether the script
> > > was setuid or not ?
> > 
> > Yes. I made it "dumb and generic" - passing /proc/self/fd only
> > if the script is setuid seems ok and would probably fix the problem.
> 
> How about checking if procfs is mounted?  This fix is done for security,
> but it's really a correctness thing and as such I'd like non-setuid
> scripts to be just as correct.

Umm, how? I will probably add an #ifdef CONFIG_PROC around the
suid stuff, but if /proc is just not mounted, it either
fails (no such file) or, err, somebody could stick a trojan horse
to /dev/fd/3? Well, root could. But root could exec the file
suid anyway.

Richard.


--
Richard Guenther <richard.guenther@student.uni-tuebingen.de>
PGP: 2E829319 - 2F 83 FC 93 E9 E4 19 E2 93 7A 32 42 45 37 23 57
WWW: http://www.anatom.uni-tuebingen.de/~richi/
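
Added example, not part of the original message or of the kernel patch under discussion: a user-space C sketch of checking that procfs is really mounted before trusting a `/proc/self/fd/N` path, and of confirming that the path resolves to the same file as the descriptor. The function names `is_procfs` and `reopen_via_proc` are hypothetical, and the check assumes a Linux system where `statfs()` reports the procfs magic number.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/vfs.h>
#include <unistd.h>

#ifndef PROC_SUPER_MAGIC
#define PROC_SUPER_MAGIC 0x9fa0 /* f_type reported by statfs() for procfs */
#endif

/* 1 if path lives on a procfs mount, 0 if on another filesystem,
 * -1 if it cannot be examined (for example, /proc is not mounted). */
int is_procfs(const char *path)
{
    struct statfs sfs;
    if (statfs(path, &sfs) != 0)
        return -1;
    return sfs.f_type == PROC_SUPER_MAGIC;
}

/* Reopen fd through /proc/self/fd/<fd>, but only if that directory is
 * on procfs and the reopened file is the same device and inode as fd.
 * Returns a new descriptor, or -1 if any check fails. */
int reopen_via_proc(int fd)
{
    char path[64];
    struct stat want, got;
    int nfd;

    if (is_procfs("/proc/self/fd") != 1 || fstat(fd, &want) != 0)
        return -1;
    snprintf(path, sizeof path, "/proc/self/fd/%d", fd);
    nfd = open(path, O_RDONLY);
    if (nfd < 0)
        return -1;
    if (fstat(nfd, &got) != 0 ||
        got.st_dev != want.st_dev || got.st_ino != want.st_ino) {
        close(nfd);
        return -1;
    }
    return nfd;
}
int main(void)
{
    int fd = open("/", O_RDONLY); /* constructed sample: any open file */
    int nfd = fd < 0 ? -1 : reopen_via_proc(fd);
    printf("reopen via /proc/self/fd: %s\n", nfd >= 0 ? "verified" : "refused");
    return nfd >= 0 ? 0 : 1;
}
```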

