[...]
> [Take a look at way how scripts are executed. When script
> 'script.xyzzy' beginning with
>
> #!/foo/bar
>
> is executed, kernel executes /foo/bar script.xyzzy. There's a race
> here - user can easily delete and replace script.xyzzy in between.]
Yes. The secure way to do this (AFAIKR) is for the kernel to open the
script (f.ex. file descriptor 3 all the time, it has it open anyway to make
the check) and run "/foo/bar /proc/<pid>/fd/3" instead. Or get the
interpreter to read the script from fd 3 always. No race.
--
Horst von Brand vonbrand@sleipnir.valparaiso.cl
Casilla 9G, Viña del Mar, Chile +56 32 672616
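
The difference between reopening the script by name and handing the interpreter a path to the already-open descriptor, as an added example that is not part of the original message and is not kernel code. It assumes Linux with /proc mounted and a writable /tmp; one process stands in for both the kernel and the interpreter, and the function names and the sample script contents are constructed for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Replace the directory entry `path` with a new file holding `text`. */
static int put_file(const char *path, const char *text) {
    unlink(path);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0700);
    if (fd < 0) return -1;
    ssize_t w = write(fd, text, strlen(text));
    close(fd);
    return w == (ssize_t)strlen(text) ? 0 : -1;
}

/* Read up to n-1 bytes of `path` into `out` as a C string. */
static int slurp(const char *path, char *out, size_t n) {
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    ssize_t r = read(fd, out, n - 1);
    close(fd);
    out[r < 0 ? 0 : r] = '\0';
    return r < 0 ? -1 : 0;
}

/* by_fd=0: interpreter reopens the name (racy); by_fd=1: it gets /proc/self/fd/N. */
int script_seen_by_interpreter(int by_fd, char *out, size_t n) {
    char path[] = "/tmp/script.xyzzy.XXXXXX";      /* constructed sample */
    int tmp = mkstemp(path);
    if (tmp < 0) return -1;
    close(tmp);
    if (put_file(path, "#!/foo/bar\noriginal\n") < 0) return -1;
    int checked = open(path, O_RDONLY);            /* opened for the #! check */
    if (checked < 0) return -1;
    put_file(path, "#!/foo/bar\nreplaced\n");      /* name swapped in the window */
    char arg[64];
    snprintf(arg, sizeof arg, "/proc/self/fd/%d", checked);
    int rc = slurp(by_fd ? arg : path, out, n);
    close(checked);
    unlink(path);
    return rc;
}

int main(void) {
    char buf[64];
    for (int m = 0; m <= 1; m++)
        if (!script_seen_by_interpreter(m, buf, sizeof buf)) printf("by_fd=%d:\n%s", m, buf);
}
```

The descriptor path resolves to the file that was checked even after its name has been unlinked and reused, which is why the race goes away.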