From owner-freebsd-hackers Tue Oct 28 17:29:34 1997
Return-Path:
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id RAA08034
          for hackers-outgoing; Tue, 28 Oct 1997 17:29:34 -0800 (PST)
          (envelope-from owner-freebsd-hackers)
Received: from ocean.campus.luth.se (ocean.campus.luth.se [130.240.194.116])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id RAA08029
          for ; Tue, 28 Oct 1997 17:29:30 -0800 (PST)
          (envelope-from karpen@ocean.campus.luth.se)
Received: (from karpen@localhost)
          by ocean.campus.luth.se (8.8.5/8.8.5) id CAA07602;
          Wed, 29 Oct 1997 02:37:08 +0100 (CET)
From: Mikael Karpberg
Message-Id: <199710290137.CAA07602@ocean.campus.luth.se>
Subject: Re: Possible SERIOUS bug in open()? (Big time bug)
In-Reply-To: <199710280017.QAA23766@salsa.gv.tsc.tdk.com> from Don Lewis at "Oct 27, 97 04:17:32 pm"
To: Don.Lewis@tsc.tdk.com (Don Lewis)
Date: Wed, 29 Oct 1997 02:37:07 +0100 (CET)
Cc: freebsd-hackers@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL31H (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

According to Don Lewis:
[...]
> } You need to be able to open something with just "x" access to map
> } it so that a process you own can "run" it. So you also want to
> } allow an open if you have execute access.
>
> I don't think administrators who remove "r" access to keep users
> from copying executables would like this, since the users could
> just switch to a copying program that uses mmap.
>
> I think it would be better to add a kernel hook so that the emulator
> could be registered as an interpreter for foreign binaries. The
> kernel could then open an fd and pass it to the emulator when the
> binary is execed. Something similar would allow you to remove the
> "r" permissions from shell scripts.

Er... Either you make the emulator a kernel module, in which case it
would be able to do anything, or you allow for an "emulator hook".
So, I just write myself a nice little util that hooks into that hook,
gets the binary, and dumps the whole file to disk with 755 permissions
wherever I want. No? Doesn't seem very effective. Possibly you could
need to be root, and the emulator could be setuid. Then, maybe...

  /Mikael