Date: Sat, 29 Jun 1996 16:18:02 -0600 (CST)
From: Aaron Ucko <UCKO@vax1.rockhurst.edu>
Interesting...how was this made secure? The OS must have implemented shared
libs in such a way that library code was privileged but user code wasn't...
I don't even want to THINK about statically linked binaries! :-) Reminds
me of Hurd, though.
Why does the library code need to be privileged? Read and write can be built
out of memory mapping primitives without security problems so long as the
kernel implements the proper access rights on the underlying mapped object.
Naturally, installing a new type manager required the appropriate access rights
itself. As for static linking, the global libraries were *never* statically
linked into anything. It just wasn't possible or necessary.
Leonard
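
Added example, not part of the original thread: a minimal POSIX C sketch of the point above, with a read built from mmap() and the kernel refusing a writable shared mapping of an object opened read-only. The helper names map_read, writable_map_errno and make_sample_rdonly are hypothetical, and the temp file is constructed sample data.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: read() emulated in user space with a read-only mapping. */
ssize_t map_read(int fd, void *buf, size_t len, off_t off)
{
    struct stat st;
    if (off < 0 || fstat(fd, &st) < 0) return -1;
    if (len == 0 || off >= st.st_size) return 0;      /* nothing to read / EOF */
    if ((off_t)len > st.st_size - off) len = (size_t)(st.st_size - off);
    long pg = sysconf(_SC_PAGESIZE);
    off_t base = off - (off % pg);                    /* mmap offset must be page-aligned */
    size_t span = (size_t)(off - base) + len;
    char *p = mmap(NULL, span, PROT_READ, MAP_SHARED, fd, base);
    if (p == MAP_FAILED) return -1;
    memcpy(buf, p + (off - base), len);               /* the "read" is a plain memory copy */
    munmap(p, span);
    return (ssize_t)len;
}

/* Ask for a writable shared mapping through a read-only descriptor.
 * Returns the errno from mmap(), or 0 if the kernel allowed the mapping. */
int writable_map_errno(int fd_rdonly)
{
    void *p = mmap(NULL, 1, PROT_READ | PROT_WRITE, MAP_SHARED, fd_rdonly, 0);
    if (p == MAP_FAILED) return errno;
    munmap(p, 1);
    return 0;
}

/* Constructed sample input: temp file holding data, reopened read-only and unlinked. */
int make_sample_rdonly(const char *data)
{
    char path[] = "/tmp/mapread-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    if (write(fd, data, strlen(data)) < 0) { close(fd); unlink(path); return -1; }
    close(fd);
    int ro = open(path, O_RDONLY);                    /* access right fixed at open time */
    unlink(path);
    return ro;
}
```

The access check happens in the kernel when the mapping is requested, so the unprivileged copy loop needs no trust of its own.
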
The system of privileged libraries is used in IBM's MVS (don't shoot,
please); it would be nice to have it for SVGAlib games. Running too many
programs suid root, and especially games, makes me nervous: it is an
open door to viruses. With privileged libraries the program would be
suid root only when executing library code (got from a secure source) and
not for the entire game, when you don't know where it comes from.
But in Linux we could get protection for EXT2FS filesystems even from
suid root programs by running in secure mode and having all the
binaries marked not modifiable. I don't know if that protects against
using the block special file however.
--Jean Francois Martinez
Join the Free World side in the holy war against Microsoft's Evil Empire. (Ronald Reagan)