Re: Secure-linux and standard kernel

Mitchell Blank Jr (mitch@execpc.com)
Wed, 24 Jun 1998 22:21:07 -0500


(is there any reason this became cc:'ed to linux-kernel, BTW?)

Andi Kleen wrote:
> If you want to make this secure you hooks in the startup code to drop privileges even
> earlier I think.

Yuk.

The real fix will come in 2.3 when ext2 can interface with the capabilities
stuff. Until then, this will help things. Coming up with an ugly kludge
(different startup code, different ld.so, etc) is just a distraction from
real goals like:

1. Making sure the startup code and ld.so are bullet-proof. If this isn't
the case the system isn't going to be secure worth a damn anyway.
Avoiding the problem for a few binaries by writing an alternate loader
only results in there being more of this code around to audit.

2. Working towards the filesystem set-capability stuff as mentioned above.

-Mitch
