[prev in list] [next in list] [prev in thread] [next in thread]
List: linux-kernel
Subject: Re: [RFC][PATCH] scripts with stdin replaced
From: Jamie Lokier <lkd () tantalophile ! demon ! co ! uk>
Date: 1999-07-12 16:31:51
[Download RAW message or body]
Richard Guenther wrote:
> Umm, how? I will probably add an #ifdef CONFIG_PROC around the
> suid stuff, but if /proc is just not mounted, it does either
> fail (no such file) or err, somebody could stick a trojan horse
> to /dev/fd/3? Well, root could. But root could exec the file
> suid anyway.
Isn't the point that you want scripts to work when proc is not mounted,
and to be secure when it is?
I'd vote for existing behaviour when /proc is not mounted: refuse to
even try to exec setuid scripts, and run non-setuid ones as now. When
/proc is mounted, run all scripts using /proc/self/fd.
If you want to get clever you could use the actual location that procfs
is mounted on -- if /proc/mounts and getcwd() can print a path given a
dentry I'm sure you can :-)
BTW I don't like /dev/fd because it might not exist even though procfs
is mounted.
-- Jamie
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic