| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20070621172557.GE9741@cip.informatik.uni-erlangen.de> Date: Thu, 21 Jun 2007 19:25:57 +0200 From: Alexander Wuerstlein <snalwuer@....informatik.uni-erlangen.de> To: Arjan van de Ven <arjan@...radead.org> Cc: Alexander Wuerstlein <arw@....name>, linux-kernel@...r.kernel.org, Johannes Schlumberger <spjsschl@...d.informatik.uni-erlangen.de> Subject: Re: [PATCH] Check files' signatures before doing suid/sgid [2/4] On 070621 19:21, Arjan van de Ven <arjan@...radead.org> wrote: > On Thu, 2007-06-21 at 18:02 +0200, Alexander Wuerstlein wrote: > > Modified task_struct to hold a 'signed flag' which is set on exec(), inherited > > on fork() and checked during exec before giving the new process suid/sgid > > privileges. > > > > > > do you also check the signature of glibc and every other shared library > that the app uses (or dlopens)? if not.. the entire exercise is rather > pointless... We do check that, that is patch [3/4]. Of course we can only check mmap-ed files, if there is no file like with JIT compilers we are out of luck. Ciao, Alexander Wuerstlein. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists