Re: SUID executable policy?
- From: Alan Cox <alan redhat com>
- To: Development discussions related to Fedora Core <fedora-devel-list redhat com>
- Subject: Re: SUID executable policy?
- Date: Tue, 10 Apr 2007 12:32:39 -0400
On Tue, Apr 10, 2007 at 10:49:41AM -0400, Adam Jackson wrote:
> Exposing the SMBIOS table as a device would be a start. There's
> precedent for drivers that do little else besides map a specific region
> of memory, since /dev/mem is just way too coarse-grained.
Now let me see. A device driver is more privileged than a setuid binary and
more attackable. It can't be swapped and it is hard to change as part of
the kernel.

Why is a device driver better for this?

If it's unchanging data then I'd dump it somewhere from an init script and
at that point no setuidness is needed.