Re: Unexecutable Stack / Buffer Overflow Exploits...

Arjan van de Ven (arjan@fenrus.demon.nl)
Wed, 29 Dec 1999 17:29:11 +0100 (CET)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Simon Kirby: "Re: ext2: ls include/config/fb/aty.h : Input/Output error"
Previous message: Andrea Arcangeli: "Re: [patch] freeing spinlock when UP."
In reply to: Gregory Maxwell: "Re: Unexecutable Stack / Buffer Overflow Exploits..."

In article <Pine.SUN.3.96.991229052840.376X-100000@invisible.eskimo.com> you wrote:
>> > suffice to raise major havoc. Besides if they can get a shell as ANY UID
>> > that gives them an inside base from which to advance their attack.

I would like to see an option that does the folowing:

1) Let "normal user" programs bind to ports < 1024
ONLY IF
2) that program was given this "capability" by root, for example
by means of an file-system flag.

This allows a lot of, currently, SUID-programs to run as non-root all the
way, and thus, when used properly, enhances security of networked systems.

Greetings,
Arjan van de Ven

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Simon Kirby: "Re: ext2: ls include/config/fb/aty.h : Input/Output error"
Previous message: Andrea Arcangeli: "Re: [patch] freeing spinlock when UP."
In reply to: Gregory Maxwell: "Re: Unexecutable Stack / Buffer Overflow Exploits..."