Re: [PATCH] [SECURITY] suid procs exec'd with bad 0,1,2 fds

Geert Uytterhoeven (Geert.Uytterhoeven@cs.kuleuven.ac.be)
Thu, 6 Aug 1998 12:27:05 +0200 (CEST)


On Thu, 6 Aug 1998, Andrej Presern wrote:
> You can run away from the problem by telling other people that they should fix
> it for you by fixing their applications. You can't hide from it though, since
> it's the _kernel's_ job to protect the system in the first place, and this
> being the case, the solution (whatever it may be) _belongs_ in the kernel. If
> you want a secure system, you can't let a broken application compromise it. You
> know that, because that's one (of many) of the reasons why we use protected
> memory.

It's indeed the kernel's job to protect the system: to protect `objects' (e.g.
processes, files) against other `objects'.

It's not the kernel's job to protect broken applications against themselves.
By definition setuid root programs have much more power than normal programs,
and it's up to the author of that program to make it behave well.

If e.g. a setuid root application asks you what files to delete, that's fine.
Then the application is to blame for this behavior.

Greetings,

Geert

[ stripping the CC list ]

--
Geert Uytterhoeven                     Geert.Uytterhoeven@cs.kuleuven.ac.be
Wavelets, Linux/{m68k~Amiga,PPC~CHRP}  http://www.cs.kuleuven.ac.be/~geert/
Department of Computer Science -- Katholieke Universiteit Leuven -- Belgium
