Re: Secure-linux and standard kernel

Alan Cox (alan@lxorguk.ukuu.org.uk)
Thu, 25 Jun 1998 03:09:17 +0100 (BST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Richard Gooch: "devfs patch v38 available"
Previous message: MOLNAR Ingo: "Re: Secure-linux and standard kernel"

> It would not help for bugs like the infamous LOCALEPATH holes (that were in the startup
> code).
>
> Also in C++ programs a lot of user code can run in global object contructors before regular
> main(). This code could contain holes too.
>
> If you want to make this secure you hooks in the startup code to drop priviledges even
> earlier I think.

I would suggest perhaps such programs should be bound to an alternative ld.so
that drops the unrequired privileges before even loading the libraries

Alan

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu

Next message: Richard Gooch: "devfs patch v38 available"
Previous message: MOLNAR Ingo: "Re: Secure-linux and standard kernel"