Re: Re: [PATCH]: non-readable binaries - binfmt_misc 2.6.0-test4

From: insecure
Date: Wed Sep 03 2003 - 15:19:03 EST

Next message: Bill Davidsen: "Re: Fix up power managment in 2.6"
Previous message: linas: "Re: PATCH: kernel-2.4 brlock livelock"
In reply to: Zach, Yoav: "RE: Re: [PATCH]: non-readable binaries - binfmt_misc 2.6.0-test4"
Next in thread: Zach, Yoav: "RE: [PATCH]: non-readable binaries - binfmt_misc 2.6.0-test4"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wednesday 03 September 2003 10:16, Zach, Yoav wrote:
> --- Linus Torvalds <torvalds@xxxxxxxx> wrote:
> > I don't like the security issues here. Sure, you
> > "trust" the interpreter,
> > and clearly only root can set the flag, but to me
> > that just makes me
> > wonder why the interpreter itself can't be a simple
> > suid wrapper that does
> > the mapping rather than having it done in kernel
> > space..
>
> If the binary resides on a NFS drive ( which is a very common practice )
> then the suid-wrapper solution will not work because root permissions
> are squashed on the remote drive.

This is a NFS promlem. Do not work around it by adding crap elsewhere.
NFS has to get a decent user auth/crypto features.
I did not try it yet, but NFSv4 will address that.
--
vda
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Bill Davidsen: "Re: Fix up power managment in 2.6"
Previous message: linas: "Re: PATCH: kernel-2.4 brlock livelock"
In reply to: Zach, Yoav: "RE: Re: [PATCH]: non-readable binaries - binfmt_misc 2.6.0-test4"
Next in thread: Zach, Yoav: "RE: [PATCH]: non-readable binaries - binfmt_misc 2.6.0-test4"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]