Re: [PATCH] [SECURITY] suid procs exec'd with bad 0,1,2 fds

David S. Miller (davem@dm.cobaltmicro.com)
Wed, 5 Aug 1998 00:05:52 -0700


Date: Wed, 5 Aug 1998 08:54:21 +0200 (MEST)
From: R.E.Wolff@BitWizard.nl (Rogier Wolff)

There are already ways to configure your Linux-kernel that make it
incompatible with this or that. What's the problem with "If you
need to run the xyz-interpreter, you cannot have the stack's not
executable feature turned on"? Life's about choices.

It sure is, and the choice we're making is that people should fix the
applications instead of putting a hack into the mainstream kernel.

Because once the class of exploits is fixed in the applications, the
kernel hack no longer is relevant. And given this situation, the
thing we have to keep in mind is how bloody difficult it is take stuff
out of the kernel.

The golden rule is, if it can be fixed in userspace, make doing it
there the preferred solution if it makes sense. And here it makes
sense.

This is the advantage of Linux, because Linus realizes how difficult
it is to remove something from the kernel, and unlike a lot of
commercial systems we do control strictly what gets in.

Later,
David S. Miller
davem@dm.cobaltmicro.com

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html