Re: [announce] [patch] NX (No eXecute) support for x86, 2.6.7-rc2-bk2
From: Andy Lutomirski
Date: Thu Jun 03 2004 - 19:14:17 EST
Andy Lutomirski wrote:
I don't like Ingo's fix either, though. At least it should check
CAP_PTRACE or some such. A better fix would be for LSM to pass down
a flag indicating a change of security context. I'll throw that in
to my caps/apply_creds cleanup, in case that ever gets applied.
Don't think we should require an LSM module for that. That's far
overkill.
I'm not suggesting a new LSM module. I'm suggesting modifying the
existing LSM code to handle this cleanly. We already have a function
(security_bprm_secureexec) that does something like this, and, in fact,
it's probably the right thing to test here.
... or not.
secureexec will return true even if you have whatever cap you want the user
to have for this to work.
What use do you see for having this flag survive setuid? The only (safe)
use I can see is for debugging, in which case just copying the binary and
running it non-setuid should be OK.
In this case, then secureexec is a better test than setuid-ness because of
LSMs (like SELinux) in which case setuid is not the only way that security
can be elevated.
--Andy