Re: thoughts on kernel security issues

[Willy Tarreau]

On Thu, Jan 13, 2005 at 12:02:01AM -0800, David Lang wrote:
> >That's why some hardened distros ship with everything R/O (except var) 
> >and
> >/var non-exec.
> 
> this only works if you have no reason to mix the non-exec and R/O stuff 
> in the same directory (there is some software that has paths for stuff 
> hard coded that will not work without them being togeather)

Symlinks are the solution against this breakage. And if your software comes
from the dos world where temporary files are stored in the same directory
as the binaries (remember SET TEMP=C:\DOS ?) then you have no possibility at
all, but the application design by itself should be frightening enough to keep
away from it.

> also it gives you no ability to maintain the protection for normal users 
> at the same time that an admin updates the system. Linus's proposal would 
> let you five this cap to the normal users, but still let the admin manage 
> the box normally.

That's perfectly true. What I explained was not meant to be a universal
solution, but an easy step forward.

Willy

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/