Re: Require mmap handler for a.out executables

From: Bodo Eggert
Date: Thu Jul 27 2006 - 13:48:55 EST

Next message: Jeff Garzik: "Re: the " 'official' point of view" expressed by kernelnewbies.orgregarding reiser4 inclusion"
Previous message: Ulrich Drepper: "Re: O_CAREFUL flag to disable open() side effects"
In reply to: Eugene Teo: "Re: Require mmap handler for a.out executables"
Next in thread: Eugene Teo: "Re: Require mmap handler for a.out executables"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Marcel Holtmann <marcel@xxxxxxxxxxxx> wrote:

> with the nasty /proc privilege escalation (CVE-2006-3626) it became
> clear that we need to do something more to better protect us against
> people exploiting stuff in /proc. Besides the don't allow chmod stuff,
> Eugene also proposed to depend the a.out execution on the existence of
> the mmap handler. Since we are doing the same for ELF, this makes
> totally sense to me.

Can shell scripts or binfmt_misc be exploited, too? Even if not, I'd
additionally force noexec, nosuid on proc and sysfs mounts.
--
Ich danke GMX dafür, die Verwendung meiner Adressen mittels per SPF
verbreiteten Lügen zu sabotieren.

http://david.woodhou.se/why-not-spf.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jeff Garzik: "Re: the " 'official' point of view" expressed by kernelnewbies.orgregarding reiser4 inclusion"
Previous message: Ulrich Drepper: "Re: O_CAREFUL flag to disable open() side effects"
In reply to: Eugene Teo: "Re: Require mmap handler for a.out executables"
Next in thread: Eugene Teo: "Re: Require mmap handler for a.out executables"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]