hurd-devel

Re: exec server protocol


From: Marcus Brinkmann
Subject: Re: exec server protocol
Date: Tue, 20 May 2003 20:29:42 +0200
User-agent: Mutt/1.5.3i

On Tue, May 20, 2003 at 02:04:35PM -0400, Roland McGrath wrote:
> You need to clear IPC rights when they can imply the holding of some
> resources somewhere.  In Mach, you could get a send right that keeps
> something alive, exec a setuid root program, and then that send right lives
> even if there are no processes anywhere left belonging to the original uid.

Bollocks.

> You can think of other such scenarios, with varying degrees of badness that
> could be made to happen.  They may all be DoS.

I thought of that, but somehow rejected it for the same reason as in the
non-secure case, i.e. I didn't take into account that eventually the user id
could go away completely.

Back to the drawing board.

Thanks,
Marcus

-- 
`Rhubarb is no Egyptian god.' GNU      http://www.gnu.org    address@hidden
Marcus Brinkmann              The Hurd http://www.gnu.org/software/hurd/
address@hidden
http://www.marcus-brinkmann.de/



