Date: Thu, 27 Aug 1998 22:09:40 +0000 From: Niall Smart <rotel@indigo.ie> To: Eivind Eklund <eivind@yes.no>, rotel@indigo.ie, dyson@iquest.net, joelh@gnu.org Cc: imp@village.org, dkelly@hiwaay.net, rabtter@aye.net, hackers@FreeBSD.ORG Subject: Re: I want to break binary compatibility. Message-ID: <199808272109.WAA01710@indigo.ie> In-Reply-To: <19980827224731.61006@follo.net>; Eivind Eklund <eivind@yes.no>
next in thread | previous in thread | raw e-mail | index | archive | help
> > > > You're basically trying to disable chmod +x for anyone but root, > > but to do that properly you have to audit every program the user > > has permission to execute and each library which those programs > > use. It's _far_ easier to understand how they are getting in. > > Eh? What? You don't have to audit anything - you just add a check > for this in the places in the kernel where you start an executable. > And we were talking of a new flag, not a change to the mode > structure... Sure you do, you want to let them run ncftp? Well ncftp has a buffer overflow in how it reads its configuration file. How are you going to prevent them exploiting that? Niall -- Niall Smart, rotel@indigo.ie. Amaze your friends and annoy your enemies: echo '#define if(x) if (!(x))' >> /usr/include/stdio.h To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199808272109.WAA01710>