Re: Disturbing news..

Russell King (rmk@arm.linux.org.uk)
Wed, 28 Mar 2001 14:00:57 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Tea Age: "Re: [linux-fbdev] Fwd: Re: module depencies during startup"
Previous message: Sharon Aviran: "TCP Vegas implementation for Linux"
In reply to: Jesse Pollard: "Re: Disturbing news.."
Next in thread: Sean Hunter: "Re: Disturbing news.."

On Wed, Mar 28, 2001 at 06:08:15AM -0600, Jesse Pollard wrote:
> Sure - very simple. If the execute bit is set on a file, don't allow
> ANY write to the file. This does modify the permission bits slightly
> but I don't think it is an unreasonable thing to have.

Even easier method - remove the write permission bits from all executable
files, and don't do the unsafe thing of running email/web browsers/other
user-type stuff as user root.

If it still worries you that root can write to files without the 'w' bit
set, modify the capabilities of the system to prevent it (there is a bit
that can be set which will remove this ability for all new processes).

-- Russell King (rmk@arm.linux.org.uk) The developer of ARM Linux http://www.arm.linux.org.uk/personal/aboutme.html

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/

Next message: Tea Age: "Re: [linux-fbdev] Fwd: Re: module depencies during startup"
Previous message: Sharon Aviran: "TCP Vegas implementation for Linux"
In reply to: Jesse Pollard: "Re: Disturbing news.."
Next in thread: Sean Hunter: "Re: Disturbing news.."