tech-userlevel archive


Re: Adding a simple editor to the base system



> > I never tried it myself but my guess is [...]
> 
> I suppose actually looking to see what it does is out of the question?
I don't actually *need* setuid scripts, so I didn't waste time recompiling
the kernel only to see what it does. I just remember there was SETUIDSCRIPTS,
that's all.

> > How do you think the kernel could prevent symlink attacks?  I'm
> > curious to know.
> 
> By not passing a name attackers can symlink-replace, of course - such
> as by (see above) opening the script file in the kernel and passing the
> shell an fd already open onto it.
Yes, that's what options(4) says too. I didn't know there's FDSCRIPTS though.
Thank you for your explanation.
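As an added illustration of the mitigation described above (the kernel opening the script and handing the interpreter an already-open fd, as options(4) documents for FDSCRIPTS), here is a userland sketch of the same idea. It is not code from this thread or from NetBSD: the function names and the /tmp self-check are constructed for this example, and it assumes a Linux-like /dev/fd and /bin/sh.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Open the script once, refusing a symlink as the last component and any file that is not
 * regular, non-world-writable and owned by root or us. Later work uses only this fd. */
int open_script_checked(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || (st.st_mode & S_IWOTH) ||
        (st.st_uid != 0 && st.st_uid != geteuid())) { close(fd); return -1; }
    return fd;
}

/* Run the interpreter on /dev/fd/N, not on the path name; returns the exit status or -1. */
int run_script_by_fd(int fd)
{
    char devfd[32];
    int status;
    snprintf(devfd, sizeof devfd, "/dev/fd/%d", fd);
    pid_t pid = fork();
    if (pid == 0) { execl("/bin/sh", "sh", devfd, (char *)NULL); _exit(127); }
    if (pid < 0 || waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

/* Constructed self-check in a throwaway /tmp dir: the real script opens and runs (exit 42),
 * the symlink pointing at it is refused. Returns 1 when both hold. */
int demo_symlink_rejected(void)
{
    char dir[] = "/tmp/fdscript.XXXXXX", script[64], lnk[64];
    if (mkdtemp(dir) == NULL) return 0;
    snprintf(script, sizeof script, "%s/real.sh", dir);
    snprintf(lnk, sizeof lnk, "%s/link.sh", dir);
    FILE *f = fopen(script, "w");
    if (f == NULL) return 0;
    fputs("#!/bin/sh\nexit 42\n", f);   /* constructed sample script */
    fclose(f); chmod(script, 0700);
    symlink(script, lnk);
    int direct = open_script_checked(script), viasym = open_script_checked(lnk);
    int ok = direct >= 0 && viasym < 0 && run_script_by_fd(direct) == 42;
    if (direct >= 0) close(direct);
    unlink(lnk); unlink(script); rmdir(dir);
    return ok;
}
```

The check on the fd, rather than on the path, is what closes the window between "look at the script" and "run the script" that a symlink swap would otherwise exploit.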
