Re: Stack Smashing and no-exec

H. Peter Anvin (hpa@transmeta.com)
7 Aug 1998 10:07:33 GMT


Followup to: <35CA713C.42D0ECD5@teleteam.net>
By author: Trever Adams <highlander@teleteam.net>
In newsgroup: linux.dev.kernel
>
> It is my understanding that if the app is not running as root (whether
> that is setuid or real root) the app can't gain root. If such is the
> case, I disagree with those who say it is the kernel's responsibility to
> keep the system safe. Root is supreme, root is the OS in many ways. If
> root takes the system down, heck, that is root's fault. So the mentality
> that the OS should protect root from himself (note generic him, none of
> the PC crap) is bogus.
>
> If an app can smash its stack and gain root shell without setuid or
> root, then it is a problem. If such is the case, please let me know.
>

No it cannot (unless there is a kernel bug, of course.) The problem
occurs with poorly written setuid programs or as-root-running daemons,
where an unprivileged user manages to inject data that somehow causes
the privileged program to take an unauthorized action.

-hpa

-- 
    PGP: 2047/2A960705 BA 03 D3 2C 14 A8 A8 BD  1E DF FE 69 EE 35 BD 74
    See http://www.zytor.com/~hpa/ for web page and full PGP public key
        I am Bahá'í -- ask me about it or see http://www.bahai.org/
   "To love another person is to see the face of God." -- Les Misérables
