On Thu, Jan 03, 2002 at 12:04:57AM +0100, Lionel Bouton <Lionel.Bouton@free.fr> wrote:
| Eric S. Raymond wrote:
| > Alan Cox <alan@lxorguk.ukuu.org.uk>:
| >>So you want the lowest possible privilege level. Because if so that's
| >>setuid app not kernel space. Arguing about the same code in either kernel
| >>space versus setuid app space is garbage.
| >>
| > But you're thinking like a developer, not a user. The right question
| > is which approach requires the lowest level of *user* privilege to get
| > the job done. Comparing world-readable /proc files versus a setuid app,
| > the answer is obvious.
|
| Reading proc files requires running kernel space code, do we have kernel
| space code running with *user* privilege now?
Oh please don't inject (more) noise into this! Doing ANYTHING involves
running kernel space code somewhere. It is still possible to talk
meaningfully about:

  - opening a publicly readable file in /proc to get some info,
    which will run some kernel code (which can presumably be trusted;
    if you don't trust your kernel you have a serious problem)

versus

  - running a setuid binary (however audited) to get the info; said
    binary may have bugs, security holes, race conditions etc; it may be
    hacked post boot (not so easy to do to the live kernel image), etc

Further, binaries which grovel in /dev/kmem tend to have to be kept in sync
with the kernel; in-kernel code is fundamentally in sync.
--
Cameron Simpson, DoD#743 cs@zip.com.au http://www.zip.com.au/~cs/

Although it does not mindfully keep guard, in the small mountain fields the scarecrow does not stand in vain. - trans. Bukkoku Kokushi
This archive was generated by hypermail 2b29 : Mon Jan 07 2002 - 21:00:20 EST