I now disagree with my previous opinion and think that the patch I
submitted (and the corresponding half of Vadim's patch) is incorrect.
In fact, on some other OS things behave in the way I thought are correct
and I even raised a security_all to make things the way like Linux does.
The reason I am changing my mind is (as Alan kindly explained) it is not
secure to update sensitive parts (like mem) of /proc/<pid>/* after the
program changed its identity.
Perhaps we have two choices:
a) leave things as they are now.
b) provide a separate fill_inode() for each (or some) nodes in
/proc/<pid>/* that should honour setuid(2)?
What do you think, people?
Regards,
------
Tigran A. Aivazian | http://www.sco.com/
Escalations Research Group | Email: tigran@sco.com
Santa Cruz Operation Ltd |
On Mon, 15 Jun 1998, Vadim E. Kogan wrote:
> Hmm.. please look @ my previous post in linux-kernel. There are fixes
> for both 2.0 and 2.1. In your fix you forgot to kill unneeded line.
>
> Vadim
>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu