Re: [PATCH] [SECURITY] suid procs exec'd with bad 0,1,2 fds

David S. Miller (davem@dm.cobaltmicro.com)
Tue, 4 Aug 1998 11:01:35 -0700

Date: Tue, 4 Aug 1998 13:36:42 -0400 (EDT)
From: Jon Lewis <jlewis@inorganic5.fdt.net>

On Tue, 4 Aug 1998, David S. Miller wrote:

> However I still contend that this is an ass-backwards way to fix
> bugs in software.

That may be...but it definitely works and adds and extra line of defense
against unknown or unfixed buffer overflow exploits. It helped me catch
the guy using the vsyslog libc overflow, and stopped him from getting root
again.

And I think this is great. It's a seperate kernel patch which serves
the needs of some people very well.

As an example, Jakub Jelinek implemented enlarged kdev_t's in the vger
tree at one time and added a sys_xstat() system call to deal with the
enlarged stat structure. In and of itself, it solved a particular
problem extremely well (limited number of scsi/tty/etc. devices). But
because it was unclean and not really the correct solution to the
problem, it never went into Linus's tree.

Later,
David S. Miller
davem@dm.cobaltmicro.com

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html