Date: Thu, 13 Jan 2005 11:05:42 +0100
From: Willy Tarreau
To: David Lang
Cc: Matt Mackall, Linus Torvalds, Dave Jones, Andrew Morton, marcelo.tosatti@cyclades.com, Greg KH, chrisw@osdl.org, Alan Cox, Kernel Mailing List
Subject: Re: thoughts on kernel security issues
Message-ID: <20050113100541.GA10829@alpha.home.local>

On Thu, Jan 13, 2005 at 12:02:01AM -0800, David Lang wrote:
> >That's why some hardened distros ship with everything R/O (except var)
> >and /var non-exec.
>
> this only works if you have no reason to mix the non-exec and R/O stuff
> in the same directory (there is some software that has paths for stuff
> hard coded that will not work without them being together)

Symlinks are the solution against this breakage. And if your software comes
from the DOS world where temporary files are stored in the same directory as
the binaries (remember SET TEMP=C:\DOS ?) then you have no possibility at all,
but the application design by itself should be frightening enough to keep away
from it.

> also it gives you no ability to maintain the protection for normal users
> at the same time that an admin updates the system. Linus's proposal would
> let you give this cap to the normal users, but still let the admin manage
> the box normally.

That's perfectly true. What I explained was not meant to be a universal
solution, but an easy step forward.

Willy