Date:      Tue, 28 Oct 1997 17:47:56 -0800
From:      Don Lewis <Don.Lewis@tsc.tdk.com>
To:        Mikael Karpberg <karpen@ocean.campus.luth.se>, Don.Lewis@tsc.tdk.com (Don Lewis)
Cc:        freebsd-hackers@FreeBSD.ORG
Subject:   Re: Possible SERIOUS bug in open()? (Big time bug)
Message-ID:  <199710290147.RAA26966@salsa.gv.tsc.tdk.com>
In-Reply-To: Mikael Karpberg <karpen@ocean.campus.luth.se> "Re: Possible SERIOUS bug in open()? (Big time bug)" (Oct 29,  2:37am)

On Oct 29,  2:37am, Mikael Karpberg wrote:
} Subject: Re: Possible SERIOUS bug in open()? (Big time bug)

} > I think it would be better to add a kernel hook so that the emulator
} > could be registered as an interpreter for foreign binaries.  The
} > kernel could then open an fd and pass it to the emulator when the
} > binary is execed.  Something similar would allow you to remove the
} > "r" permissions from shell scripts.
} 
} Er... Either you make the emulator a kernel module, in which case it would
} be able to do anything,

It's probably not a good idea to add something this large to the kernel.

} or you allow for an "emulator hook". So, I just
} write myself a nice little util that hooks into that hook, gets the binary,
} and dumps the whole file to disk with 755 permissions wherever I want. No?
} Doesn't seem very effective. Possibly you could need to be root, and the
} emulator could be setuid. Then, maybe...

You need to be root to configure the hook, probably using sysctl.  If
root wanted to install an emulator that dumps the file out with 755
permissions, it could just as easily have used cp and chmod.
Once root has configured the hook, then any user with "x" access to the
emulator and the foreign binary could use the emulator to run the foreign
binary.  The emulator wouldn't need to be setuid since the hook would
be configured ahead of time.

If an ordinary user wants to install an emulator and a foreign binary,
then that user can give the foreign binary both "r" and "x" access and
run the emulator the old-fashioned way.
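
Added example, not part of the original message: the fd hand-off proposed above relies on access being checked at open(2) rather than at read(2), which this C sketch shows from user space. The temp-file path, the `emulator_read` helper and the sample "binary" are constructed, and `mkstemp` stands in for the kernel's own open; run it as a non-root user, since root bypasses the permission check.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

static const char image[] = "FOREIGN-BINARY-IMAGE";   /* constructed sample */

/* Hypothetical emulator side: it only ever sees an already-open descriptor. */
static int emulator_read(int fd)
{
    char buf[64];
    ssize_t n = pread(fd, buf, sizeof buf, 0);
    return (n == (ssize_t)strlen(image) && memcmp(buf, image, (size_t)n) == 0) ? (int)n : 0;
}

/* Returns 0 on success; *path_denied = open-by-path refused with EACCES,
 * *fd_bytes = bytes the child read correctly through the inherited fd. */
int demo_fd_handoff(int *path_denied, int *fd_bytes)
{
    char path[] = "/tmp/foreign-XXXXXX";
    int fd = mkstemp(path);            /* stands in for the kernel's own open */
    if (fd < 0) return -1;
    if (write(fd, image, strlen(image)) != (ssize_t)strlen(image) ||
        fchmod(fd, 0111) != 0) {       /* leave only "x", as in the proposal */
        close(fd); unlink(path); return -1;
    }
    int p = open(path, O_RDONLY);      /* what an ordinary user could attempt */
    *path_denied = (p < 0 && errno == EACCES);
    if (p >= 0) close(p);
    pid_t pid = fork();
    if (pid < 0) { close(fd); unlink(path); return -1; }
    if (pid == 0) _exit(emulator_read(fd));   /* child plays the emulator */
    int status = 0;
    waitpid(pid, &status, 0);
    *fd_bytes = WIFEXITED(status) ? WEXITSTATUS(status) : -1;
    close(fd); unlink(path);
    return 0;
}
int main(void)
{
    int denied = 0, n = 0;
    if (demo_fd_handoff(&denied, &n) != 0) return 1;
    printf("open by path denied: %d, bytes read via fd: %d\n", denied, n);
    return 0;
}
```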


