Hosting Provided By

Re: Re : Bounds-checking gcc ..

From: Matt Dillon <dillon(at)best.net>
Date: Tue Feb 18 1997 - 13:30:34 EST

:>>>>> "Adrian" == Adrian Chadd <adrian@cougar.aceonline.com.au> writes:

Ooohh... now here's an idea. One could require that suid root binaries make a system call to 'enable' the suid operation. This system call would be embedded in a securitize() subroutine which would go through, clear up the environment, fix the resource limits, and enable suid oeration. If the binary does not make the system call, it doesn't get suid privilages even if chmod'd 4xxx. The program could pass a list of environment variables to the system call to 'pass through'.

i.e. the suid bit would have to be set AND the program would have to make the system call.

-Matt

Matthew Dillon Engineering, BEST Internet Communications, Inc.

<dillon@best.net>
[always include a portion of the original email in any response!] Received on Tue Feb 18 10:31:41 1997

This message: [ Message body ]
Next message: Warner Losh: "Re: Re : Bounds-checking gcc .."
Maybe in reply to: Adrian Chadd: "Re : Bounds-checking gcc .."
In reply to Phillip Musumeci: "Re: Re : Bounds-checking gcc .."
Next in thread: Warner Losh: "Re: Re : Bounds-checking gcc .."
Reply: Warner Losh: "Re: Re : Bounds-checking gcc .."
Reply: Matt Dillon: "Re: Re : Bounds-checking gcc .."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:41:02 EDT