Re: Security patch for /proc

Alan Cox (alan@lxorguk.ukuu.org.uk)
Tue, 31 Mar 1998 13:11:47 +0100 (BST)


> Others are not that nasty, but still nasty:
> - bind(): the lower ports are reserved to root, so another box may trust
> that a connection is coming from a system program, and not a
> user process.

You resolve that with capabilities as and when they are added. The network
side of checking for a 'can bind' 'can't bind' rule is easy.
