Date: Wed, 29 Oct 1997 02:37:07 +0100 (CET) From: Mikael Karpberg <karpen@ocean.campus.luth.se> To: Don.Lewis@tsc.tdk.com (Don Lewis) Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: Possible SERIOUS bug in open()? (Big time bug) Message-ID: <199710290137.CAA07602@ocean.campus.luth.se> In-Reply-To: <199710280017.QAA23766@salsa.gv.tsc.tdk.com> from Don Lewis at "Oct 27, 97 04:17:32 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
According to Don Lewis: [...] > } You need to be able to open something with just "x" access to map > } it so that a proces you own can "run" it. So you also want to > } allow an open if you have execute access. > > I don't think administrators who remove "r" access to keep users > from copying executables would like this, since the users could > just switch to a copying program that uses mmap. > > I think it would be better to add a kernel hook so that the emulator > could be registered as an interpreter for foreign binaries. The > kernel could then open an fd and pass it to the emulator when the > binary is execed. Something similar would allow you to remove the > "r" permissions from shell scripts. Er... Either you make the emulator a kernel module, in which case it would be able to do anything, or you allow for an "emulator hook". So, I just write myself a nice little util that hooks into that hook, gets the binary, and dumps the whole file to disk with 755 permissions wherever I want. No? Doesn't seem very effective. Possibly you could need to be root, and the emulator could be setuid. Then, maybe... /Mikael
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199710290137.CAA07602>