[1368] in linux-net channel archive
Re: Net problems with send() in 1.3.40
daemon@ATHENA.MIT.EDU (Marek Michalkiewicz)
Tue Nov 14 20:14:44 1995
From: Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>
To: alan@cymru.net (Alan Cox)
Date: Tue, 14 Nov 1995 12:40:40 +0100 (MET)
Cc: minyard@metronet.com, linux-net@vger.rutgers.edu,
linux-kernel@vger.rutgers.edu
In-Reply-To: <199511130928.JAA30965@snowcrash.cymru.net> from "Alan Cox" at Nov 13, 95 09:28:50 am
Alan Cox:
> Well there is still:
>
> Quota

probably still not bug-free, but wouldn't hurt in 1.3.x (after all,
it is an option)

> Acct

seems to be stable, Debian has acct in their standard 1.2.13 kernels

> Getting/merging the IPX extensions for lware

and ncpfs (still very alpha but...)

> A 1.2.14 for Christmas might not be a bad idea (with known solid stuff
> - kswap, proc security fixes etc).

Is anyone working on /proc? It still has problems, both in 1.2.13 and
latest 1.3.xx you can open /proc/<pid>/mem, hold the file descriptor,
then have the target process exec a setuid program and read (fortunately
not write...) its memory (not good for ssh, it is possible to compromise
the secret host key, just to mention one example...).

One possible fix is to do it like Solaris: any open /proc file descriptors
become invalid when the target process executes a setuid program, and any
further I/O attempts return EAGAIN (even for root - you must open the file
again to be able to access it).

If no one is working on it, I might try but don't hold your breath...

Marek
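
The Solaris-style rule proposed in the message above, as an added example that is not part of the original post and is not kernel code: a user-space C model in which a handle records an exec generation at open time and reads fail with EAGAIN once the target has run a setuid exec. The names `struct task`, `struct proc_handle`, `exec_gen`, and the open-time uid check are assumptions made for illustration.

```c
/* User-space model (constructed, not kernel code) of the proposed rule:
 * a /proc handle opened before a setuid exec gets EAGAIN afterwards. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

struct task {                  /* hypothetical stand-in for a process */
    unsigned euid;
    unsigned long exec_gen;    /* bumped on every setuid exec */
    char mem[32];              /* stand-in for the address space */
};
struct proc_handle {           /* stand-in for an open /proc/<pid>/mem fd */
    struct task *t;
    unsigned long gen_at_open;
};

/* Assumed open-time check: caller must be root or own the process. */
int proc_open(struct proc_handle *h, struct task *t, unsigned uid) {
    if (uid != 0 && uid != t->euid)
        return -EACCES;
    h->t = t;
    h->gen_at_open = t->exec_gen;
    return 0;
}

/* exec replaces the image; a setuid exec also invalidates open handles. */
void task_exec(struct task *t, const char *image, int setuid, unsigned new_euid) {
    memset(t->mem, 0, sizeof t->mem);
    strncpy(t->mem, image, sizeof t->mem - 1);
    if (setuid) {
        t->euid = new_euid;
        t->exec_gen++;
    }
}

/* Bytes copied, or -EAGAIN for a stale handle. No uid test: root too. */
long proc_read(const struct proc_handle *h, char *buf, size_t len) {
    if (h->gen_at_open != h->t->exec_gen)
        return -EAGAIN;
    if (len > sizeof h->t->mem) len = sizeof h->t->mem;
    memcpy(buf, h->t->mem, len);
    return (long)len;
}

int main(void) {
    struct task t = { .euid = 1000 };
    struct proc_handle h;
    char buf[32];
    proc_open(&h, &t, 1000);
    task_exec(&t, "setuid image", 1, 0);
    printf("stale read: %ld (EAGAIN=%d)\n", proc_read(&h, buf, sizeof buf), EAGAIN);
    return 0;
}
```

The staleness check lives in the read path rather than in open, which is what closes the window: the permission test at open time was passed legitimately, so only a per-I/O check can notice that the process behind the descriptor has changed privilege.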