From owner-freebsd-hackers Tue Oct 28 17:49:08 1997
Return-Path:
Received: (from root@localhost)
    by hub.freebsd.org (8.8.7/8.8.7) id RAA09352
    for hackers-outgoing; Tue, 28 Oct 1997 17:49:08 -0800 (PST)
    (envelope-from owner-freebsd-hackers)
Received: from gatekeeper.tsc.tdk.com (root@gatekeeper.tsc.tdk.com [207.113.159.21])
    by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id RAA09334
    for ; Tue, 28 Oct 1997 17:48:56 -0800 (PST)
    (envelope-from gdonl@tsc.tdk.com)
Received: from sunrise.gv.tsc.tdk.com (root@sunrise.gv.tsc.tdk.com [192.168.241.191])
    by gatekeeper.tsc.tdk.com (8.8.4/8.8.4) with ESMTP id RAA20744;
    Tue, 28 Oct 1997 17:47:59 -0800 (PST)
Received: from salsa.gv.tsc.tdk.com (salsa.gv.tsc.tdk.com [192.168.241.194])
    by sunrise.gv.tsc.tdk.com (8.8.5/8.8.5) with ESMTP id RAA22514;
    Tue, 28 Oct 1997 17:47:58 -0800 (PST)
Received: (from gdonl@localhost)
    by salsa.gv.tsc.tdk.com (8.8.5/8.8.5) id RAA26966;
    Tue, 28 Oct 1997 17:47:57 -0800 (PST)
From: Don Lewis
Message-Id: <199710290147.RAA26966@salsa.gv.tsc.tdk.com>
Date: Tue, 28 Oct 1997 17:47:56 -0800
In-Reply-To: Mikael Karpberg
    "Re: Possible SERIOUS bug in open()? (Big time bug)" (Oct 29, 2:37am)
X-Mailer: Mail User's Shell (7.2.6 alpha(3) 7/19/95)
To: Mikael Karpberg , Don.Lewis@tsc.tdk.com (Don Lewis)
Subject: Re: Possible SERIOUS bug in open()? (Big time bug)
Cc: freebsd-hackers@FreeBSD.ORG
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Oct 29, 2:37am, Mikael Karpberg wrote:
} Subject: Re: Possible SERIOUS bug in open()? (Big time bug)
} > I think it would be better to add a kernel hook so that the emulator
} > could be registered as an interpreter for foreign binaries. The
} > kernel could then open an fd and pass it to the emulator when the
} > binary is execed. Something similar would allow you to remove the
} > "r" permissions from shell scripts.
}
} Er... Either you make the emulator a kernel module, in which case it would
} be able to do anything,

It's probably not a good idea to add something this large to the kernel.

} or you allow for an "emulator hook". So, I just
} write myself a nice little util that hooks into that hook, gets the binary,
} and dumps the whole file to disk with 755 permissions wherever I want. No?
} Doesn't seem very effective. Possibly you could need to be root, and the
} emulator could be setuid. Then, maybe...

You need to be root to configure the hook, probably using sysctl. If
root wanted to install an emulator that dumps the file out with 755
permissions, it could just as easily have used cp and chmod.

Once root has configured the hook, then any user with "x" access to the
emulator and the foreign binary could use the emulator to run the foreign
binary. The emulator wouldn't need to be setuid since the hook would be
configured ahead of time.

If an ordinary user wants to install an emulator and a foreign binary,
then that user can give the foreign binary both "r" and "x" access and
run the emulator the old-fashioned way.