[1708] in linux-security and linux-alert archive
[linux-security] Re: Re: Re: Towards a solution of tmp-file problems
daemon@ATHENA.MIT.EDU (Wietse Venema)
Fri Mar 13 05:03:06 1998
To: linux-security@redhat.com
Date: Thu, 12 Mar 1998 07:40:03 -0500 (EST)
In-Reply-To: <199803112136.IAA23600@gidora.zeta.org.au> from Nick Andrew at "Mar 12, 98 08:36:40 am"
From: wietse@porcupine.org (Wietse Venema)
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
Nick Andrew:
> The other suggestions operate at a system level (new fs type), a
> directory level (new mode on directories) or whatever level you like
> (private namespace access passed by fd).
Although I like that last suggestion (name space passed by fd), it
may violate the principle of least surprise, unless that private
name space can be made available to non-login processes such as
those run from cron or from .forward files.
Of course, the ability for a process to become any user without
any prior login authentication is one of the weakest and most
powerful features of UNIX at the same time.
But the concept of an authenticated setuid() call is perhaps better
discussed in a separate thread.
Wietse
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe: mail -s unsubscribe test-list-request@redhat.com < /dev/null