Jesse Pollard:
>I hope this doesn't get into the kernel. This weakness is very very bad.
That's why I made it a config option. In most cases, people won't
turn it on; distributions certainly won't turn it on. However, for
very limited situations, it can be quite useful.
In my case, we were switching from Solaris to Linux, and Solaris allowed
suid scripts. We used a bunch of them, so all that had to be fixed before
the Linux version could run. With suid scripts, it would have run
immediately, and we could have fixed the security later.
And while it's probably foolish, we don't really care much about security
inside the firewall. All the stuff we care about is on NFS, anyway, so
there's not any real hope of security to begin with.
I hope this does make it into the kernel. Most people will just leave
it off.
--PC
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Jun 07 2000 - 21:00:24 EST