Bodo Eggert wrote:
> Marcel Holtmann <[email protected]> wrote:
>
>> with the nasty /proc privilege escalation (CVE-2006-3626) it became
>> clear that we need to do something more to better protect us against
>> people exploiting stuff in /proc. Besides the don't allow chmod stuff,
>> Eugene also proposed to depend the a.out execution on the existence of
>> the mmap handler. Since we are doing the same for ELF, this makes
>> totally sense to me.
>
> Can shell scripts or binfmt_misc be exploited, too? Even if not, I'd
> additionally force noexec, nosuid on proc and sysfs mounts.
Right. That's why we do not allow chmod() /proc/*/*/* files.
http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6d76fa58b050044994fe25f8753b8023f2b36737
Eugene
--
eteo redhat.com ph: +65 6490 4142 http://www.kernel.org/~eugeneteo
gpg fingerprint: 47B9 90F6 AE4A 9C51 37E0 D6E1 EA84 C6A2 58DF 8823
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
