Thread (5 messages), 3 authors, 2009-12-29

Re: RFC: disablenetwork facility. (v4)

From: Alan Cox <hidden>
Date: 2009-12-29 21:10:46
Also in: lkml

quoted
Execute != read. The executable file may contain secrets which must not
be available to the user running the setuid program. If you fail the
setuid, the user will be able to ptrace() and then the secret is
revealed.

It's amazing how many security holes appear from what seems like a very
simple request.
Do we have a security hole in nosuid mount option?
Can someone write a patch to fix it?
If a setuid app can read a key when it's erroneously not set setuid then
the user can read it too.

Anything you can do with ptrace you can do yourself!