Re: [PATCH] [SECURITY] suid procs exec'd with bad 0,1,2 fds

Alan Cox (alan@lxorguk.ukuu.org.uk)
Thu, 6 Aug 1998 20:52:41 +0100 (BST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Brandon S. Allbery KF8NH: "Re: DEVFSv50 and /dev/fb? (or /dev/fb/? ???)"
Previous message: Zlatko Calusic: "Re: pre-2.1.115-2 fails compile pgtable_cache_water"
Next in thread: Kragen: "Re: [PATCH] [SECURITY] suid procs exec'd with bad 0,1,2 fds"
Reply: Kragen: "Re: [PATCH] [SECURITY] suid procs exec'd with bad 0,1,2 fds"

> What about linking all the sensitive programs with different crtbegin.o
> which would call mprotect() to make the stack non-executable? Maybe I've
> overseen something, but this looks like a working solution which doesn't
> break anything else.

For platforms that can do it this is the right sort of approach. That
crtbegin can do the fd0/1/2 checking and other things too. Alas Intel is
not such a platform

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html

Next message: Brandon S. Allbery KF8NH: "Re: DEVFSv50 and /dev/fb? (or /dev/fb/? ???)"
Previous message: Zlatko Calusic: "Re: pre-2.1.115-2 fails compile pgtable_cache_water"
Next in thread: Kragen: "Re: [PATCH] [SECURITY] suid procs exec'd with bad 0,1,2 fds"
Reply: Kragen: "Re: [PATCH] [SECURITY] suid procs exec'd with bad 0,1,2 fds"