Re: caps in elf headers: use the sticky bit!

Richard Gooch (rgooch@atnf.csiro.au)
Fri, 16 Apr 1999 13:48:09 +1000

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Albert D. Cahalan: "Re: [PATCH] Capabilities, this time in elf section"
Previous message: Paul F. Dietz: "Re: more on hash functions"
In reply to: Paul F. Dietz: "Re: more on hash functions"
Next in thread: Theodore Y. Ts'o: "Re: caps in elf headers: use the sticky bit!"
Reply: Theodore Y. Ts'o: "Re: caps in elf headers: use the sticky bit!"

Theodore Y. Ts'o writes:
> Date: Thu, 15 Apr 1999 16:07:35 -0700 (PDT)
> From: David Lang <dlang@diginsite.com>
>
> As for the NFS issue, there are situations where NFS can be used in a
> (at least semi)secure environment. If the NFS traffic is on a dedicated
> LAN (often done for performance anyway) then the only way that NFS can be
> a problem is if one of your machines in hacked into anyway. The ability to
> use capabilities on NFS mounted files would significantly help in server
> farm situations.
>
> So if I can manage to hack into one of your machines, (say, the one
> which is running the sendmail that didn't get updated to fix the
> sendmail security bug of the week) I get to break into all of the
> rest?!?

Exactly how does hacking a client mean that all clients are
compromised? The NFS area can be exported read-only to prevent this.

Regards,

Richard....

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Albert D. Cahalan: "Re: [PATCH] Capabilities, this time in elf section"
Previous message: Paul F. Dietz: "Re: more on hash functions"
In reply to: Paul F. Dietz: "Re: more on hash functions"
Next in thread: Theodore Y. Ts'o: "Re: caps in elf headers: use the sticky bit!"
Reply: Theodore Y. Ts'o: "Re: caps in elf headers: use the sticky bit!"