Re: coupe things RedHat does well and Debian should too
On Mon, May 08, 2000 at 03:15:54AM -0400, Decklin Foster wrote:
> Take it up with the Perl people; my personal reaction is 'yuck' but
> they may have a different view. IMHO 'nosuid' should just mean 'no
> suid executables on this filesystem', not 'your users can't possibly
> get a suid program to excute arbitrary code from this filesystem'; you
> have to audit every single suid program and add such a filesystem
> check (which isn't portable to many other *nixes anyway). I'm wary of
> lulling people into a false sense of security.
The problem here is with suidperl. It is a suid root program whichwill drop
priveledges according to the owner and the suid bit of a file. Since the
suid flag is present on the file, it thinks it is safe to asume its a suid
pogram (it can't know that the kernel wont honor the bit even if it is
visible). So there are basically 2 Solutions, both have advantages and
disadvantages
1) force the kernel not todisplay suid flags: good since it will o the trick
for suidperl, good since it will show the user that the program is actually
not suid, bad, because it might be confusing, since after a remount the bit
appears, so the admin has now way to check for that bit
2) force suidperl to check if the suid bit is set. First of all this is
complicated to achieve, especially if you support such a lot of
architectures like perl does. It keeps getting complicated with the
priveldedges stuff....
So i dont know which solution is better, imho both are not enough to make
this clean.
Greetings
Bernd
--
(OO) -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
o--o *plush* 2048/93600EFD eckes@irc +497257930613 BE5-RIPE
(O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
Reply to: