Re: [PATCH] [SECURITY] suid procs exec'd with bad 0,1,2 fds

Horst von Brand (linker@z.ml.org)
Tue, 4 Aug 1998 09:24:18 -0400 (EDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: A. Wik: "Re: CIPE - Encrypted IP Encapsulation"
Previous message: Horst von Brand: "Re: How to extend the task_struct?"
In reply to: Alan Cox: "Re: [PATCH] [SECURITY] suid procs exec'd with bad 0,1,2 fds"

On Tue, 4 Aug 1998, Alan Cox wrote:

> On Mon, 3 Aug 1998, David S. Miller wrote:
>
> > We had an issue like this last year, where someone tried to kill
> > security exploits by putting a monkey wrench into the kernel
> > (I'm refereing to the non-executable stack patches). That change
> > didn't go in, and we're still alive today.
>
> Actually a _lot_ of people run the non-excutable stack and related
> patches. They don't break anything, they stop a lot of the "I read bugtraq
> before my sysadmin" type cracks and the like
>
> There _is_ a definite case for
>
> CONFIG_SECURITY
> CONFIG_SECURITY_NONEXECSTACK
> CONFIG_SECURITY_TRUSTEDPATH
>
> etc.. either in the main tree - or as now as a collection .

Please please please please!!

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html

Next message: A. Wik: "Re: CIPE - Encrypted IP Encapsulation"
Previous message: Horst von Brand: "Re: How to extend the task_struct?"
In reply to: Alan Cox: "Re: [PATCH] [SECURITY] suid procs exec'd with bad 0,1,2 fds"