Re: [RFC][PATCH] scripts with stdin replaced

Horst von Brand (vonbrand@sleipnir.valparaiso.cl)
Sun, 11 Jul 1999 20:54:06 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Michael Matz: "2.3.10: Bug with locks held in fs code"
Previous message: Nickolai Zeldovich: "sock_no_recvmsg arglist fix (2.3.9/10, 2.2.10)"

Ralf Baechle <ralf@uni-koblenz.de> said:
> On Thu, Jul 08, 1999 at 09:02:09PM -0400, Horst von Brand wrote:

[...]

> > I don't want to trust an all-capable Perl interpreter. Not on a system that
> > is important/critical enough to be secured by capabilitites. A clean
> > solution is given if the script carries capabilities, the kernel notes this
> > and invokes the interpreter with the capabilities the filesystem grants. In
> > this case it is useless to trick the interpreter.

> As things are right now you can't do this or you'll end up with the same
> security problem as for example SUID scripts on SunOS 4 had.

I know.

> To make things work as you want them a filedescriptor to the SUID script
> would have to be passed to the interpreter by binfmt_skript and every
> interpreter would have to be changed to take advantage of that. Otherwise
> there is a security hole ...

Right.

-- Horst von Brand vonbrand@sleipnir.valparaiso.cl Casilla 9G, Viña del Mar, Chile +56 32 672616

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Michael Matz: "2.3.10: Bug with locks held in fs code"
Previous message: Nickolai Zeldovich: "sock_no_recvmsg arglist fix (2.3.9/10, 2.2.10)"