Re: [PATCH] [SECURITY] suid procs exec'd with bad 0,1,2 fds

Geert Uytterhoeven (Geert.Uytterhoeven@cs.kuleuven.ac.be)
Wed, 5 Aug 1998 09:41:38 +0200 (CEST)


On Tue, 4 Aug 1998, Edward S. Marshall wrote:
> Bingo. This isn't an issue to software developers; frankly, they created
> the problem. This is an -administration- issue, for people who can't
> necessarily fix their software (don't know how, don't have source, can't
> make software upgrades due to dependancies on other factors, don't have
> the staff to be constantly monitoring security releases, etc).

If you don't have the sources for the stuff you're running setuid root, you
should indeed be worried about security. Executable stack or not.

Greetings,

Geert

--
Geert Uytterhoeven                     Geert.Uytterhoeven@cs.kuleuven.ac.be
Wavelets, Linux/{m68k~Amiga,PPC~CHRP}  http://www.cs.kuleuven.ac.be/~geert/
Department of Computer Science -- Katholieke Universiteit Leuven -- Belgium

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html