Re: [PATCH] [SECURITY] suid procs exec'd with bad 0,1,2 fds

Martin Mares (mj@ucw.cz)
Mon, 10 Aug 1998 14:03:21 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Martin Mares: "Re: Bug: PCI discovered primary peer bus"
Previous message: Axel Eble: "Re: Antw: Re: CIPE - Encrypted IP Encapsulation"

> > which would call mprotect() to make the stack non-executable? Maybe I've
> > overseen something, but this looks like a working solution which doesn't
> > break anything else.
>
> For platforms that can do it this is the right sort of approach. That
> crtbegin can do the fd0/1/2 checking and other things too. Alas Intel is
> not such a platform

But I think we still can have the stack protection defaulting to turned off
and have the sensitive programs turn it on upon startup.

Have a nice fortnight

-- Martin `MJ' Mares <mj@ucw.cz> http://atrey.karlin.mff.cuni.cz/~mj/ Faculty of Math and Physics, Charles University, Prague, Czech Rep., Earth "Spelling checkers at maximum! Fire!"

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html

Next message: Martin Mares: "Re: Bug: PCI discovered primary peer bus"
Previous message: Axel Eble: "Re: Antw: Re: CIPE - Encrypted IP Encapsulation"