Re: [PATCH] [SECURITY] suid procs exec'd with bad 0,1,2 fds

Albert D. Cahalan (acahalan@cs.uml.edu)
Tue, 4 Aug 1998 14:27:00 -0400 (EDT)


David S. Miller writes:
> From: Jon Lewis <jlewis@inorganic5.fdt.net>

>> If every time a kernel patch broke something, that patch were
>> forever banned from becoming part of the standard kernel source
>> (even after the problems are fixed), we'd still be running
>> something very similar to 1.0.x.
>
> True.
>
> However I still contend that this is an ass-backwards way to fix
> bugs in software.

Do you have a silver bullet? For 30 years, auditing has failed.
You'd think unix wouldn't have any holes in 1998, yet it does.

Hmmm... when setuid, change segments for each stack frame?
I suppose we might lose the /bin/su benchmark, oh well.
OS/390 does something like that, even for non-setuid processes.
(no problems either: OS/390 is UNIX.) So gcc could be hacked.

Most exploits would be useless if the stack went the opposite
direction. It's something for the non-i386 hackers to consider.

One very good thing about the no-exec patch: whenever the attacker
makes a mistake, the failure is logged. The admin can then eliminate
the cracker before the attack succeeds.
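As an added illustration of the descriptor problem named in this thread's subject line (not code from the patch under discussion or from anyone on the list): a C sketch of the user-space defence a setuid program can apply at startup, before it touches any file, plus two small demonstrations of why it matters. The function names and the use of /dev/null as the filler are my own choices.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open /dev/null on any of fds 0, 1, 2 that is closed, so a later open()
 * in a setuid program cannot be handed a "standard" descriptor number.
 * Returns how many descriptors had to be filled, or -1 on error. */
int sanitize_std_fds(void) {
    int filled = 0;
    for (int fd = 0; fd <= 2; fd++) {
        struct stat st;
        if (fstat(fd, &st) == 0) continue;      /* already open: leave it alone */
        if (errno != EBADF) return -1;
        /* 0..fd-1 are open, so open() returns fd itself; dup2 is a safety net */
        int nfd = open("/dev/null", fd == 0 ? O_RDONLY : O_WRONLY);
        if (nfd < 0) return -1;
        if (nfd != fd && (dup2(nfd, fd) < 0 || close(nfd) < 0)) return -1;
        filled++;
    }
    return filled;
}

/* The hazard: with descriptor `which` closed, the very next open() is handed
 * that number. Returns the fd open() gave back; `which` is restored after. */
int next_open_lands_on(int which) {
    if (sanitize_std_fds() < 0) return -1;      /* start from a known state */
    int saved = dup(which); if (saved < 0) return -1;
    close(which);
    int got = open("/dev/null", O_WRONLY);
    if (got >= 0) close(got);
    dup2(saved, which);
    close(saved);
    return got;
}

/* The fix in action: close stderr, run the sanitizer, report how many fds
 * it had to fill (exactly 1), then restore stderr. */
int sanitizer_fills_closed_stderr(void) {
    if (sanitize_std_fds() < 0) return -1;
    int saved = dup(2); if (saved < 0) return -1;
    close(2);
    int filled = sanitize_std_fds();
    dup2(saved, 2);
    close(saved);
    return filled;
}
```

Calling `sanitize_std_fds()` first thing in `main()` is enough for a setuid binary; the two demo functions only exist to show the lowest-free-fd rule that makes the bug possible and that the sanitizer closes the gap.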
