content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 8BIT
Subject: RE: Re: Re: [PATCH]: non-readable binaries - binfmt_misc 2.6.0-test4
Date: Thu, 4 Sep 2003 09:53:44 +0300
Message-ID: <2C83850C013A2540861D03054B478C0601CF64F6@hasmsx403.iil.intel.com>
Thread-Topic: Re: Re: [PATCH]: non-readable binaries - binfmt_misc 2.6.0-test4
Thread-Index: AcNyrkUvZTB1AvgFT/SbybLF8OGwUwAACeTg
From: "Zach, Yoav" <yoav.zach@intel.com>
To: <insecure@mail.od.ua>
Cc: <akpm@osdl.org>, <torvalds@osdl.org>, <linux-kernel@vger.kernel.org>
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 918
Lines: 27

> --- insecure <insecure@mail.od.ua> wrote:
>
> > If the binary resides on a NFS drive ( which 
> > is a very common practice )
> > then the suid-wrapper solution will not work 
> > because root permissions
> > are squashed on the remote drive.
> 
> 
> This is a NFS promlem. Do not work around it by
> adding crap elsewhere.
> NFS has to get a decent user auth/crypto features.
> I did not try it yet, but NFSv4 will address that.
> --

This is not a workaround - it's a solution for systems
that use the unix user identification mechanism.
Considering the conservative nature of system-administrators,
this mechanism will still be in use for quite a while.

Thanks,
Yoav.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/