RE: Re: [PATCH]: non-readable binaries - binfmt_misc 2.6.0-test4

From: Zach, Yoav
Date: Wed Sep 03 2003 - 02:19:14 EST

Next message: Elanjchezhiyan: "Did you have any idea about Ethtool"
Previous message: Christian Axelsson: "Re: 2.6.0-test4-mm5"
Next in thread: insecure: "Re: Re: [PATCH]: non-readable binaries - binfmt_misc 2.6.0-test4"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

--- Linus Torvalds <torvalds@xxxxxxxx> wrote:
>
> I don't like the security issues here. Sure, you
> "trust" the interpreter,
> and clearly only root can set the flag, but to me
> that just makes me
> wonder why the interpreter itself can't be a simple
> suid wrapper that does
> the mapping rather than having it done in kernel
> space..
>

If the binary resides on a NFS drive ( which is a very common practice )
then the suid-wrapper solution will not work because root permissions
are squashed on the remote drive.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Elanjchezhiyan: "Did you have any idea about Ethtool"
Previous message: Christian Axelsson: "Re: 2.6.0-test4-mm5"
Next in thread: insecure: "Re: Re: [PATCH]: non-readable binaries - binfmt_misc 2.6.0-test4"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]