Re: thoughts on kernel security issues

From: Pavel Machek
Date: Wed Jan 19 2005 - 10:43:05 EST

Next message: Pete Zaitcev: "Re: usbmon, usb core, ARM"
Previous message: Alex Tomas: "[PATCH] JBD: log space management optimization"
In reply to: Diego Calleja: "Re: thoughts on kernel security issues"
Next in thread: Bill Davidsen: "Re: thoughts on kernel security issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi!

> > For us thankfully, exec-shield has trapped quite a few remotely
> > exploitable holes, preventing the above.
>
> One thing worth considering, but may be abit _too_ draconian, is a
> capability that says "can execute ELF binaries that you can write to".
>
> Without that capability set, you can only execute binaries that you cannot
> write to, and that you cannot _get_ write permission to (ie you can't be
> the owner of them either - possibly only binaries where the owner is
> root).

Well, if there's gdb installed on such machine, you can probably circumvent this.

Hmm, you can probably do /lib/ld-linux.so.2 your binary, no?
Pavel
--
64 bytes from 195.113.31.123: icmp_seq=28 ttl=51 time=448769.1 ms

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Pete Zaitcev: "Re: usbmon, usb core, ARM"
Previous message: Alex Tomas: "[PATCH] JBD: log space management optimization"
In reply to: Diego Calleja: "Re: thoughts on kernel security issues"
Next in thread: Bill Davidsen: "Re: thoughts on kernel security issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]