Re: /proc/<pid>/mem unreadable

Alan Cox (alan@cymru.net)
Thu, 9 May 1996 09:56:38 +0100 (BST)


> I was thinking that it would be good to add all the checks to
> let suid scripts run in a secure manner. I think it would involve
> resolving symlinks to find the true inode which would be used as
> the file. Then of course the inode needs a filename, so we
> generate one in /proc/suidexec. (damn unix filesystem...)

You'd have inconsistencies because you'd need to block them over NFS
file systems where you can't lock down an inode in that way.

> You would also need a shell that ignores $IFS and such.
> You could call that a user space issue, or you could just
> completely clear the environment.

So you have a setuid wrapper like everyone else does nowadays - a secure
C program that therefore avoids the setuid script issue.