Date:      Mon, 24 Aug 1998 13:22:55 -0700 (PDT)
From:      David Kirchner <dpk@notreal.com>
To:        Alex <garbanzo@hooked.net>
Cc:        Robert Watson <robert+freebsd@cyrus.watson.org>, "B. Richardson" <rabtter@aye.net>, hackers@FreeBSD.ORG
Subject:   Re: I want to break binary compatibility.
Message-ID:  <Pine.BSF.4.02A.9808241319280.24290-100000@notreal.com>
In-Reply-To: <Pine.BSF.4.00.9808241314080.228-100000@zippy.dyn.ml.org>


On Mon, 24 Aug 1998, Alex wrote:

> On Mon, 24 Aug 1998, Robert Watson wrote:
> 
> > 
> > Or, alternatively, just a file system flag "approved" that indicates a
> > binary has been approved for execution by the system operator.  This would
> > be default set on installed binaries, but could only be added by uid 0 (or
> > gid 0 or something).

Maybe create a utility that can "bless" binaries. 'root' would only be
able to execute blessed binaries. setuid binaries could only be run if
blessed, etc. Same idea, but the flag could be set on a different server
before the file is copied over.

> > However, this runs into the problem of shared libraries -- as long as
> > LD_LIBRARY_PATH exists, the possibility of running user-specified code
> > also exists.  This also doesn't help you if the bugs are in existing code
> > (that is, in sperl :).

The truly paranoid could just compile everything run as root statically.

> Yes, but one could easily hardcode LD_LIBRARY_PATH to search /usr/lib or
> whatever first.
> 
> - alex

Or for the less paranoid, they could do this. :)

-dpk
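
The "bless" policy proposed in this message, sketched as an added example that is not code from the thread or from FreeBSD. It assumes the blessing is a detached HMAC-SHA256 tag computed on the signing host rather than a filesystem flag; the names `bless`, `is_blessed`, `may_execute` and `demo`, the key and the sample file are all constructed for illustration.

```python
import hashlib
import hmac
import os
import stat
import tempfile

def bless(path, key):
    """Signing host: return an HMAC-SHA256 tag over the file's contents."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            mac.update(chunk)
    return mac.hexdigest()

def is_blessed(path, tag, key):
    """Target host: a missing tag or any change to the bytes means 'not blessed'."""
    return tag is not None and hmac.compare_digest(bless(path, key), tag)

def may_execute(path, euid, tag, key):
    """Policy from the message: root runs only blessed binaries,
    and setuid binaries run only if blessed. Everything else is allowed."""
    is_setuid = bool(os.stat(path).st_mode & stat.S_ISUID)
    if euid == 0 or is_setuid:
        return is_blessed(path, tag, key)
    return True

def demo():
    key = b"constructed-demo-key"  # assumption: secret shared with the signing host
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "tool")
        with open(path, "wb") as fh:  # constructed sample "binary"
            fh.write(b"#!/bin/sh\necho ok\n")
        os.chmod(path, 0o755)
        tag = bless(path, key)
        results = {
            "root_blessed": may_execute(path, 0, tag, key),
            "root_unblessed": may_execute(path, 0, None, key),
            "user_unblessed": may_execute(path, 1001, None, key),
        }
        with open(path, "ab") as fh:  # modify the file after it was blessed
            fh.write(b"echo tampered\n")
        results["root_modified"] = may_execute(path, 0, tag, key)
        os.chmod(path, 0o4755)  # setuid bit set, no blessing supplied
        results["user_setuid_unblessed"] = may_execute(path, 1001, None, key)
        return results

if __name__ == "__main__":
    print(demo())
```

A user-space check like this only illustrates the decision; enforcement would have to happen where the kernel executes the file. It also covers only the binary's own bytes, so the shared-library concern raised in the quoted text still applies.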

