On Thu, Jan 03, 2002 at 02:49:04PM +1100, Cameron Simpson wrote:
> - opening a publicly readable file in /proc to get some info,
> which will run some kernel code (which can presumably be trusted;
> if you don't trust your kernel you have a serious problem)
Some unnecessary kernel code. Which, because it's unnecessary, won't
necessarily be checked for correctness.
> versus
>
> - running a setuid binary (however audited) to get the info; said
> binary may have bugs, security holes, race conditions etc; it may be
> hacked post boot (not so easy to do to the live kernel image), etc
vs
- running a single app as root upon boot.
> Further, binaries which grovel in /dev/kmem tend to have to be kept in sync
> with the kernel; in-kernel code is fundamentally in sync.
Bull. There have been several drivers that simply can not compile because
they are out of sync, in the 2.4 kernel.
mrc
--
Mike Castle dalgoda@ix.netcom.com www.netcom.com/~dalgoda/
We are all of us living in the shadow of Manhattan. -- Watchmen
fatal ("You are in a maze of twisty compiler features, all different"); -- gcc