Re: exec server protocol
From: Marcus Brinkmann
Subject: Re: exec server protocol
Date: Tue, 20 May 2003 20:29:42 +0200
User-agent: Mutt/1.5.3i

On Tue, May 20, 2003 at 02:04:35PM -0400, Roland McGrath wrote:
> You need to clear IPC rights when they can imply the holding of some
> resources somewhere. In Mach, you could get a send right that keeps
> something alive, exec a setuid root program, and then that send right lives
> even if there are no processes anywhere left belonging to the original uid.
Bollocks.
> You can think of other such scenarios, with varying degrees of badness that
> could be made to happen. They may all be DoS.
I thought of that, but somehow rejected it for the same reason as in the
non-secure case, i.e. I didn't take into account that eventually the user id
could go away completely.
Back to the drawing board.
Thanks,
Marcus
--
`Rhubarb is no Egyptian god.' GNU http://www.gnu.org address@hidden
Marcus Brinkmann The Hurd http://www.gnu.org/software/hurd/
address@hidden
http://www.marcus-brinkmann.de/