Re: thoughts on kernel security issues

[Bill Davidsen]

Linus Torvalds wrote:
> On Wed, 12 Jan 2005, Dave Jones wrote:
>
> > For us thankfully, exec-shield has trapped quite a few remotely
> > exploitable holes, preventing the above.
>
>
> One thing worth considering, but may be abit _too_ draconian, is a
> capability that says "can execute ELF binaries that you can write to".
>
> Without that capability set, you can only execute binaries that you cannot
> write to, and that you cannot _get_ write permission to (ie you can't be
> the owner of them either - possibly only binaries where the owner is
> root).

How would you map that to interpreted languages? Bash may not be an 
issue (in general), but perl, java, SQL, etc, would be. People other 
than software developers do write in some of those.

> I realize people disagree with me, which is also why I don't in any way
> take vendor-sec as a personal affront or anything like that: I just think
> it's a mistake, and am very happy to be vocal about it, but hey, the
> fundamental strength of open source is exactly the fact that people don't
> have to agree about everything.

That's true, but in practice an administrator who disagrees with a 
developer gets to maintain their own application or O/S, and most users 
have no recourse but to go to another O/S or app. Which makes it far 
more practical to explain a point than to storm off and do it yourself 
and have to maintain it forever.

--
   -bill davidsen (davidsen@xxxxxxx)
"The secret to procrastination is to put things off until the
 last possible moment - but no longer"  -me
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/