Marcel Holtmann <[email protected]> wrote:
> with the nasty /proc privilege escalation (CVE-2006-3626) it became
> clear that we need to do something more to better protect us against
> people exploiting stuff in /proc. Besides the don't allow chmod stuff,
> Eugene also proposed to depend the a.out execution on the existence of
> the mmap handler. Since we are doing the same for ELF, this makes
> totally sense to me.
Can shell scripts or binfmt_misc be exploited, too? Even if not, I'd
additionally force noexec, nosuid on proc and sysfs mounts.
--
Ich danke GMX dafür, die Verwendung meiner Adressen mittels per SPF
verbreiteten Lügen zu sabotieren.
http://david.woodhou.se/why-not-spf.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
