Re: thoughts on kernel security issues

From: Bill Davidsen
Date: Wed Jan 19 2005 - 15:01:51 EST


Linus Torvalds wrote:

On Wed, 12 Jan 2005, Dave Jones wrote:

For us thankfully, exec-shield has trapped quite a few remotely
exploitable holes, preventing the above.


One thing worth considering, but may be abit _too_ draconian, is a
capability that says "can execute ELF binaries that you can write to".

Without that capability set, you can only execute binaries that you cannot
write to, and that you cannot _get_ write permission to (ie you can't be
the owner of them either - possibly only binaries where the owner is
root).

How would you map that to interpreted languages? Bash may not be an issue (in general), but perl, java, SQL, etc, would be. People other than software developers do write in some of those.

I realize people disagree with me, which is also why I don't in any way
take vendor-sec as a personal affront or anything like that: I just think
it's a mistake, and am very happy to be vocal about it, but hey, the
fundamental strength of open source is exactly the fact that people don't
have to agree about everything.

That's true, but in practice an administrator who disagrees with a developer gets to maintain their own application or O/S, and most users have no recourse but to go to another O/S or app. Which makes it far more practical to explain a point than to storm off and do it yourself and have to maintain it forever.

--
-bill davidsen (davidsen@xxxxxxx)
"The secret to procrastination is to put things off until the
last possible moment - but no longer" -me
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/