lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 22 Jan 2007 10:20:21 -0500
From:	Valdis.Kletnieks@...edu
To:	Samium Gromoff <_deepfire@...lingofgreen.ru>
Cc:	David Wagner <daw@...berkeley.edu>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Undo some of the pseudo-security madness

On Mon, 22 Jan 2007 02:23:30 +0300, Samium Gromoff said:
>
> not "core-dumps" but "core files", in the lispspeak, but anyway.
> 
> the reason is trivial -- if i can write programs enjoying setuid
> privileges in C, i want to be able to do the same in Lisp.

Go read up on how the XEmacs crew designed their "portable dumper",
specifically to get around a lot of these sorts of problems because the
old Emacs 'unexec' code was incredibly fragile.

> the only way to achieve this i see, is to directly setuid root
> the lisp system executable itself -- because the lisp code
> is read, compiled and executed in the process of the lisp
> system executable.

If that's the only way you can see to do it, maybe you should think a
bit harder before making kernel hacks to do something.





Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ