Re: thoughts on kernel security issues

From: David Lang
Date: Thu Jan 13 2005 - 03:13:28 EST


On Thu, 13 Jan 2005, Willy Tarreau wrote:

> On Wed, Jan 12, 2005 at 11:28:51PM -0800, Matt Mackall wrote:
>> On Wed, Jan 12, 2005 at 08:48:57PM -0800, Linus Torvalds wrote:
>>>
>>>
>>> On Wed, 12 Jan 2005, Dave Jones wrote:
>>>
>>>> For us thankfully, exec-shield has trapped quite a few remotely
>>>> exploitable holes, preventing the above.
>>>
>>> One thing worth considering, but may be a bit _too_ draconian, is a
>>> capability that says "can execute ELF binaries that you can write to".
>>>
>>> Without that capability set, you can only execute binaries that you cannot
>>> write to, and that you cannot _get_ write permission to (ie you can't be
>>> the owner of them either - possibly only binaries where the owner is
>>> root).
>>
>> We can do that now with a combination of read-only and no-exec mounts.
>
> That's why some hardened distros ship with everything R/O (except var) and
> /var non-exec.

This only works if you have no reason to mix the non-exec and R/O stuff in the same directory (there is some software that has paths for stuff hard-coded that will not work without them being together).

Also, it gives you no ability to maintain the protection for normal users at the same time that an admin updates the system. Linus's proposal would let you give this cap to the normal users, but still let the admin manage the box normally.

David Lang

--
There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies.
-- C.A.R. Hoare
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/