Re: [PATCH] [SECURITY] suid procs exec'd with bad 0,1,2 fds

Alan Cox (alan@lxorguk.ukuu.org.uk)
Tue, 4 Aug 1998 22:00:12 +0100 (BST)


> Sun didn't find this to be a problem when they updated their ABI to
> include a non-executable stack (see bugtraq archives, it's part of 2.7 I'm
> pretty sure). mprotect(PROT_EXEC) solves this problem wonderfully.

It's configurable in 2.6 as well. It's apparently controlled by three things:

o Global system setting - so you can turn it off/on
o mprotect()
o ELF info in the binary

The 2.0.x stack patch for Intel is a bit cruder (mprotect won't help too
much) but is smarter about handling it. We have mprotect and we could use
ELF info.

Note also that code on the stack is fundamentally non-portable anyway so
no portability issues arise - just back compatible.

I've run a full Red Hat 5 through the stack patch and I detected no breaks.

Alan
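
Added illustration, not part of the message above or of the stack patch it discusses: on current Linux systems the "ELF info" control takes the form of a PT_GNU_STACK program header, a mechanism that postdates this thread. The Python sketch below reads that marking from an ELF image; the function names and the sample image are constructed for the example.

```python
import struct

PT_LOAD, PT_GNU_STACK = 1, 0x6474E551   # program header types (elf.h values)
PF_X, PF_W, PF_R = 1, 2, 4              # segment permission bits

def stack_marking(elf: bytes) -> str:
    """Return 'executable', 'non-executable' or 'unmarked' for an ELF image."""
    if len(elf) < 16 or elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = elf[4], elf[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("unknown ELF class or byte order")
    is64 = ei_class == 2
    end = "<" if ei_data == 1 else ">"
    try:
        if is64:   # Elf64_Ehdr: e_phoff at 0x20, e_phentsize/e_phnum at 0x36
            (e_phoff,) = struct.unpack_from(end + "Q", elf, 0x20)
            e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, 0x36)
        else:      # Elf32_Ehdr: e_phoff at 0x1C, e_phentsize/e_phnum at 0x2A
            (e_phoff,) = struct.unpack_from(end + "I", elf, 0x1C)
            e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, 0x2A)
        for i in range(e_phnum):
            off = e_phoff + i * e_phentsize
            (p_type,) = struct.unpack_from(end + "I", elf, off)
            # p_flags sits at offset 4 in Elf64_Phdr but offset 24 in Elf32_Phdr
            (p_flags,) = struct.unpack_from(end + "I", elf, off + (4 if is64 else 24))
            if p_type == PT_GNU_STACK:
                return "executable" if p_flags & PF_X else "non-executable"
    except struct.error as exc:
        raise ValueError("truncated ELF image") from exc
    return "unmarked"   # no marking present: the loader applies its own default

def sample_elf64(stack_flags=None) -> bytes:
    """Constructed little-endian ELF64 image: one PT_LOAD, optional PT_GNU_STACK."""
    phdrs = [struct.pack("<IIQQQQQQ", PT_LOAD, PF_R | PF_X, 0, 0, 0, 0, 0, 0x1000)]
    if stack_flags is not None:
        phdrs.append(struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16))
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)   # ELFCLASS64, little-endian
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0,
                               64, 56, len(phdrs), 0, 0, 0)
    return ehdr + b"".join(phdrs)

if __name__ == "__main__":
    for flags in (PF_R | PF_W, PF_R | PF_W | PF_X, None):
        print(flags, stack_marking(sample_elf64(flags)))
```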
