These should dramaticly decrease the security holes due to bad user-space
programming and so I really don't see why they should be excluded from the
kernel... (with appropriate warnings/etc)
-Rob H.
On Mon, 29 Dec 1997, Krzysztof G. Baranowski wrote:
> While testing the million monkey theory, Yuri Kuzmenko said:
> IMHO this is a Good Way(tm). You did almost the same thing that
> Solar Designer had done long time ago. I'm talking about his
> linux-stack-symlink patch. I think there should be SECURITY
> section in kernel config, with stack-non-exec, symlink patches etc.
> Of course marked as experimental and with proper warnings.
> Are there any chances to have this or shall we wait for 2.3
> series ? Comments, flames ?
>
> Cheers,
> Kris
> --
> Krzysztof G. Baranowski - President of the Harmless Manyacs' Club
> "Ex sysadmin, ex kernel hacker, luser again: How to copy a file ?"
> http://www.knm.org.pl/ <prezes@manjak.knm.org.pl>
>
> Your patch on 2.1.76:
>
> --- namei.c.orig Mon Dec 29 16:31:37 1997
> +++ namei.c Mon Dec 29 16:41:52 1997
> @@ -1168,6 +1168,13 @@
> if (!old_dentry->d_inode)
> goto exit_lock;
>
> + if ((old_dentry->d_inode->i_uid != current->euid) &&
> + (old_dentry->d_inode->i_gid != current->egid)) {
> + dput(old_dentry);
> + printk("*** Security warning: UID %lu try to make the hardlink from foreign file \"%s\" to \"%s\"\n",(unsigned long)current->euid,oldname,newname);
> + return -EPERM;
> + }
> +
> error = permission(old_dir->d_inode,MAY_WRITE | MAY_EXEC);
> if (error)
> goto exit_lock;
>