On Wed, 11 Feb 1998, David Woodhouse wrote:
> Well, I was bored, so...
>
> There follows a patch which will make your kernel complain if root executes a
> binary which is owned by an untrusted user or group.
>
> For the purposes of this patch, "untrusted" means having a [ug]id greater than
> a user-provided cutoff point.
>
> The maximum uid/gid permitted is in /proc/sys/fs/max_rootexec_[ug]id, and it
> defaults to -1, which allows root to execute anything - as normal.
>
> The patch will just make the kernel complain about it, but if you change the
> "#if 0" in exec.c to "#if 1" it'll refuse to execute as well.
>
>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu