Re: Useless(?) security patch against 2.1.86

linux kernel account (linker@nightshade.z.ml.org)
Wed, 11 Feb 1998 13:28:38 -0500 (EST)


WOW! This is cool stuff man. I vote for immediate inclusion.

On Wed, 11 Feb 1998, David Woodhouse wrote:

> Well, I was bored, so...
>
> There follows a patch which will make your kernel complain if root executes a
> binary which is owned by an untrusted user or group.
>
> For the purposes of this patch, "untrusted" means having a [ug]id greater than
> a user-provided cutoff point.
>
> The maximum uid/gid permitted is in /proc/sys/fs/max_rootexec_[ug]id, and it
> defaults to -1, which allows root to execute anything - as normal.
>
> The patch will just make the kernel complain about it, but if you change the
> "#if 0" in exec.c to "#if 1" it'll refuse to execute as well.
>
>

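A userspace sketch of the ownership rule described in the quoted mail, added here as an example; it is not part of either message and is not the patch's code. The function names are hypothetical, and the only semantics assumed are the ones the mail states: an owner is untrusted when its uid or gid is greater than the cutoff, and a cutoff of -1 allows anything. It lets an administrator see which binaries a given cutoff would flag before setting it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Cutoff value the mail gives as the default: no restriction at all. */
#define NO_LIMIT (-1LL)

/* 1 if a single owner id is above the cutoff, 0 otherwise. */
static int id_untrusted(long long id, long long max_id)
{
    return max_id != NO_LIMIT && id > max_id;
}

/* 1 if the owning uid or the owning gid is above its cutoff (hypothetical name). */
int owner_untrusted(uid_t uid, gid_t gid, long long max_uid, long long max_gid)
{
    return id_untrusted((long long)uid, max_uid) ||
           id_untrusted((long long)gid, max_gid);
}

/* 1 = would be flagged, 0 = fine, -1 = missing or not an executable regular file. */
int audit_file(const char *path, long long max_uid, long long max_gid)
{
    struct stat st;

    if (stat(path, &st) != 0)
        return -1;
    if (!S_ISREG(st.st_mode) || !(st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)))
        return -1;
    return owner_untrusted(st.st_uid, st.st_gid, max_uid, max_gid);
}

/* Usage: audit MAX_UID MAX_GID FILE...   exits 1 if any file is flagged. */
int main(int argc, char **argv)
{
    int flagged = 0;

    if (argc < 4) {
        fprintf(stderr, "usage: %s max_uid max_gid file...\n", argv[0]);
        return 2;
    }
    long long max_uid = strtoll(argv[1], NULL, 10);
    long long max_gid = strtoll(argv[2], NULL, 10);
    for (int i = 3; i < argc; i++) {
        if (audit_file(argv[i], max_uid, max_gid) == 1) {
            printf("untrusted owner: %s\n", argv[i]);
            flagged = 1;
        }
    }
    return flagged;
}
```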