Re: New Security Features, Please Comment

From: Alan Cox
Date: Wed Dec 03 2008 - 05:29:35 EST


> The idea is to not allow the child to change its own uid, or give the
> child any elevated privileges so that should the child be compromised via
> buffer overflow or some other bug, it can't be abused.

But the child process can modify itself, it can open files etc.

So as uid 1 I patch my own code to add a function call to a private
function that will be called regularly. Now as the other uids are
selected I am able to attack all those users' file stores.

I don't think your model actually works.