From owner-freebsd-hackers Mon Oct 27 16:18:17 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id QAA08613 for hackers-outgoing; Mon, 27 Oct 1997 16:18:17 -0800 (PST) (envelope-from owner-freebsd-hackers)
Received: from gatekeeper.tsc.tdk.com (root@gatekeeper.tsc.tdk.com [207.113.159.21]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id QAA08607 for ; Mon, 27 Oct 1997 16:18:14 -0800 (PST) (envelope-from gdonl@tsc.tdk.com)
Received: from sunrise.gv.tsc.tdk.com (root@sunrise.gv.tsc.tdk.com [192.168.241.191]) by gatekeeper.tsc.tdk.com (8.8.4/8.8.4) with ESMTP id QAA05822; Mon, 27 Oct 1997 16:17:39 -0800 (PST)
Received: from salsa.gv.tsc.tdk.com (salsa.gv.tsc.tdk.com [192.168.241.194]) by sunrise.gv.tsc.tdk.com (8.8.5/8.8.5) with ESMTP id QAA27708; Mon, 27 Oct 1997 16:17:38 -0800 (PST)
Received: (from gdonl@localhost) by salsa.gv.tsc.tdk.com (8.8.5/8.8.5) id QAA23766; Mon, 27 Oct 1997 16:17:32 -0800 (PST)
From: Don Lewis
Message-Id: <199710280017.QAA23766@salsa.gv.tsc.tdk.com>
Date: Mon, 27 Oct 1997 16:17:32 -0800
In-Reply-To: Terry Lambert "Re: Possible SERIOUS bug in open()? (Big time bug)" (Oct 25, 1:24am)
X-Mailer: Mail User's Shell (7.2.6 alpha(3) 7/19/95)
To: Terry Lambert , Don.Lewis@tsc.tdk.com (Don Lewis)
Subject: Re: Possible SERIOUS bug in open()? (Big time bug)
Cc: jamil@trojanhorse.ml.org, thorpej@nas.nasa.gov, joerg_wunsch@uriah.heep.sax.de, freebsd-hackers@FreeBSD.ORG
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Oct 25, 1:24am, Terry Lambert wrote:
} Subject: Re: Possible SERIOUS bug in open()? (Big time bug)
} But say you have a processor emulator that gets invoked by an
} execution class loader so that it can mmap a foreign binary
} in its address space, and then run it.
}
}    ,------------------.    ,------------------.
}    | DEC Alpha binary |    | DEC Alpha binary |
}    | regular process  |    | emulator process |
}    |                  |    | ,--------------. |
}    |                  |    | |   x86 image  | |
}    |                  |    | |  (Netscape)  | |
}    |                  |    | `--------------' |
}    `------------------'    `------------------'
}
} You need to be able to open something with just "x" access to map
} it so that a process you own can "run" it.  So you also want to
} allow an open if you have execute access.

I don't think administrators who remove "r" access to keep users from
copying executables would like this, since the users could just switch
to a copying program that uses mmap.

I think it would be better to add a kernel hook so that the emulator
could be registered as an interpreter for foreign binaries.  The kernel
could then open an fd and pass it to the emulator when the binary is
execed.  Something similar would allow you to remove the "r" permissions
from shell scripts.

} Does having only execute access keep you from reading a file?
}
} No.  You can make it core.

But that doesn't get you a copy of the text segment.

You can probably play games with debuggers as well.  In some
environments it might not be acceptable to get even this much access,
so it might make sense to allow the administrator to disable core file
generation and the ability to attach a debugger if you don't have "r"
access.
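The following C program is an added illustration of the permission semantics argued about above; it is not code from the thread or from FreeBSD. It exercises the current rule that open(2) for reading is refused on a file whose mode is 0111, even though an execute-permission check on the same file still passes, and it shows why the "copying program that uses mmap" is no threat under that rule: mmap(2) needs a descriptor that was opened for reading, so an x-only file defeats it exactly as it defeats cp(1). The scratch paths under /tmp and the helper names are assumptions made for this example; if run as root the probes succeed, because root bypasses the mode bits.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* Write text to path with mode 0600 and return the byte count, or -1. */
long make_fixture(const char *path, const char *text)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0)
        return -1;
    size_t len = strlen(text);
    ssize_t w = write(fd, text, len);
    close(fd);
    return w == (ssize_t)len ? (long)len : -1;
}

/* The "copying program that uses mmap": map src and write its pages to dst.
 * Returns bytes copied, or -1 with errno set.  The open(O_RDONLY) is the
 * point: mmap(2) refuses PROT_READ on a descriptor not opened for reading,
 * so whatever stops open(2) here also stops this copier. */
long copy_via_mmap(const char *src, const char *dst)
{
    int in = open(src, O_RDONLY);
    if (in < 0)
        return -1;
    struct stat st;
    if (fstat(in, &st) < 0) {
        close(in);
        return -1;
    }
    int out = open(dst, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (out < 0) {
        close(in);
        return -1;
    }
    long n = 0;
    if (st.st_size > 0) {          /* mmap(2) rejects a zero-length mapping */
        size_t len = (size_t)st.st_size;
        void *p = mmap(NULL, len, PROT_READ, MAP_PRIVATE, in, 0);
        if (p == MAP_FAILED) {
            n = -1;
        } else {
            ssize_t w = write(out, p, len);
            n = (w == (ssize_t)len) ? (long)len : -1;
            munmap(p, len);
        }
    }
    close(out);
    close(in);
    return n;
}

/* Strip "r" and "w" (mode 0111), then try to open the file for reading.
 * Returns 0 if the kernel allowed it (root bypasses the mode bits),
 * otherwise errno; an unprivileged owner gets EACCES. */
int probe_exec_only_open(const char *path)
{
    if (chmod(path, 0111) < 0)
        return errno;
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

/* The same 0111 file still passes an execute check; this is what lets
 * exec(2) run a binary its user cannot read.  Returns 0 or errno. */
int probe_exec_only_access(const char *path)
{
    return access(path, X_OK) == 0 ? 0 : errno;
}

/* Restore a readable mode so the fixture can be deleted, then unlink it. */
int remove_fixture(const char *path)
{
    chmod(path, 0600);
    return unlink(path);
}

int main(void)
{
    const char *src = "/tmp/xonly_demo_src";   /* assumed writable scratch path */
    const char *dst = "/tmp/xonly_demo_dst";
    int rc;
    make_fixture(src, "#!/bin/sh\necho secret\n");
    printf("mmap copy while mode 0600: %ld bytes\n", copy_via_mmap(src, dst));
    rc = probe_exec_only_open(src);
    printf("open(O_RDONLY) on mode 0111: %s\n", rc ? strerror(rc) : "allowed");
    rc = probe_exec_only_access(src);
    printf("access(X_OK) on mode 0111:   %s\n", rc ? strerror(rc) : "allowed");
    printf("mmap copy while mode 0111: %ld bytes\n", copy_via_mmap(src, dst));
    remove_fixture(src);
    unlink(dst);
    return 0;
}
```

Run it as an ordinary user and the second copy fails with EACCES at open(2), never reaching mmap(2); that is the behaviour Don is defending. Under the proposal being criticised, where "x" alone would satisfy open(2), the same copy_via_mmap() would succeed, which is the whole objection.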