RE: Re: Re: [PATCH]: non-readable binaries - binfmt_misc 2.6.0-test4

From: Zach, Yoav
Date: Thu Sep 04 2003 - 01:55:33 EST

Next message: Marc-Christian Petersen: "[PATCH 2.4.23-pre4] Remove bogus SysKonnect config stuff (was Re: Linux 2.4.23-pre3)"
Previous message: John Cherry: "IA32 - 4 New warnings"
In reply to: Zach, Yoav: "RE: [PATCH]: non-readable binaries - binfmt_misc 2.6.0-test4"
Next in thread: insecure: "Re: Re: Re: [PATCH]: non-readable binaries - binfmt_misc 2.6.0-test4"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> --- insecure <insecure@xxxxxxxxxx> wrote:
>
> > If the binary resides on a NFS drive ( which
> > is a very common practice )
> > then the suid-wrapper solution will not work
> > because root permissions
> > are squashed on the remote drive.
>
>
> This is a NFS promlem. Do not work around it by
> adding crap elsewhere.
> NFS has to get a decent user auth/crypto features.
> I did not try it yet, but NFSv4 will address that.
> --

This is not a workaround - it's a solution for systems
that use the unix user identification mechanism.
Considering the conservative nature of system-administrators,
this mechanism will still be in use for quite a while.

Thanks,
Yoav.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Marc-Christian Petersen: "[PATCH 2.4.23-pre4] Remove bogus SysKonnect config stuff (was Re: Linux 2.4.23-pre3)"
Previous message: John Cherry: "IA32 - 4 New warnings"
In reply to: Zach, Yoav: "RE: [PATCH]: non-readable binaries - binfmt_misc 2.6.0-test4"
Next in thread: insecure: "Re: Re: Re: [PATCH]: non-readable binaries - binfmt_misc 2.6.0-test4"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]