Date: Mon, 26 Aug 1996 00:17:08 -0600
From: Warner Losh <imp@village.org>
To: Gene Stark <gene@starkhome.cs.sunysb.edu>
Cc: security@freebsd.org
Subject: Re: Vulnerability in the Xt library (fwd)
Message-ID: <199608260617.AAA07366@rover.village.org>
In-Reply-To: Your message of Mon, 26 Aug 1996 02:08:34 EDT
: The text segment is set up by the kernel when the process starts.
: I don't think there are any system calls that allow it to be extended.

mprotect( addr, len, prot ) or mmap should do the trick :-(. Prot == PROT_EXEC | PROT_READ should do the on freshly malloc'd memory, no? Or are you saying that it must be in the text segment only? That would preclude shared libraries from having this functionality in them, since they are mmap'd into the process space at image activation by ld.so. Since system calls live in libc, you'd not be able to use this system call at all :-(. I suppose that you can have ld.so do some magic, but that would potentially preclude dlopen'd libraries from calling this system call.

One way you could do this is to have a function call "Don't allow setuid-ness to propagate" AND that's the only system call you get. You can turn it off, but never turn it back on... However, that requires source changes :-(.

Warner
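Added example, not part of the original message or of FreeBSD: a small C probe for the point made above, that mprotect() can mark memory outside the text segment PROT_READ | PROT_EXEC, so a check of the form "the caller is in the text segment" does not bound where executable code can live. The function names are hypothetical, the pages hold only zero bytes and are never executed, and calling mprotect() on heap memory assumes Linux/BSD behaviour (POSIX only specifies it for mmap'd regions).

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Try to make [p, p+len) readable and executable; 0 on success, else errno. */
static int make_exec(void *p, size_t len)
{
    return mprotect(p, len, PROT_READ | PROT_EXEC) == 0 ? 0 : errno;
}

/* Case 1: an anonymous mmap page (ld.so maps library files with the same call). */
int probe_mmap_page(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return errno;
    memset(p, 0, len);            /* constructed filler, never executed */
    int rc = make_exec(p, len);
    munmap(p, len);
    return rc;
}

/* Case 2: page-aligned heap memory ("freshly malloc'd"). */
int probe_heap_page(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = NULL;
    int rc = posix_memalign(&p, len, len);
    if (rc != 0)
        return rc;
    memset(p, 0, len);
    rc = make_exec(p, len);
    /* Restore write access before handing the page back to the allocator. */
    if (mprotect(p, len, PROT_READ | PROT_WRITE) == 0)
        free(p);
    return rc;
}

int main(void)
{
    printf("mmap page -> R|X: %s\n", strerror(probe_mmap_page()));
    printf("heap page -> R|X: %s\n", strerror(probe_heap_page()));
    return 0;
}
```

A non-zero result (typically EACCES or EPERM) means the platform's policy refuses the transition for that kind of memory.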