[115] in linux-security and linux-alert archive
Re: "Find all the SUID programs." Fine. So which *should* be SUID?
daemon@ATHENA.MIT.EDU (Benedikt Stockebrand)
Sun Mar 12 02:13:44 1995
Date: Sun, 12 Mar 1995 05:55:46 +0100
From: Benedikt Stockebrand <benedikt@devnull.ping.de>
To: linux-security@tarsier.cv.nrao.edu
CC: andy@distrib.com
In-reply-to: <m0rnYXw-000EWrC@distrib.com> (andy@distrib.com)
Reply-To: linux-security@tarsier.cv.nrao.edu

| 2. What's a better solution to Linux security specification?

Coding the proper permissions inside the binaries. Make the program
check its own permissions upon startup and add an option like
"--check-own-permissions" to it.

| (It probably would need to handle site-specific customizations too.)

That way you could put the customization into the Makefile.

| In short, what
| would be better than "cops plus a these-files-should-be-SUID list"?

Another script that first finds all SUID programs and then runs them
with that --check-own-permissions option.

It should be possible to "force" this feature into all available
programs by modifying the gcc startup module, i.e. before main() is
called this check is always automatically performed.

Now don't tell me this is a kludge. I know :-)

Now let's hear some comments.

Ben
-----------------------------------------------------------------------
Benedikt (Ben) Stockebrand (benedikt@devnull.ping.de) Dortmund, Germany
And don't tell me about Benedict Arnold anymore...
-----------------------------------------------------------------------