Subject: Re: Emulation: selecting emulation root at runtime?
To: Joachim König <him@online.de>
From: David Laight <david@l8s.co.uk>
List: current-users
Date: 08/27/2007 09:14:28
On Mon, Aug 27, 2007 at 08:59:37AM +0200, Joachim König wrote:
> Eric Haszlakiewicz wrote:
> >	Alternately you could change emul_find_root in compat_util.c, but
> >letting an arbitrary root be specified has some security implications,
> >similar to LD_LIBRARY_PATH but worse.
> >  
> Then a flexible way with the same security implications as today would be:
> 
> - syscall to add/remove additional emulation roots for an emulation 
> (root permission required)
> - emul_find_root checks EMUL_ROOT_<EMULATION> (e.g. EMUL_ROOT_LINUX)
>  against registered root path list and selects corresponding struct emul.

Isn't it enough to disable such an env variable for suid programs?
Since a user can get the same effect by other means if allowed to write
to the program file.

	David

-- 
David Laight: david@l8s.co.uk
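
The following is an added example, not part of the original thread and not NetBSD kernel code: a userland C model of the root selection logic with both checks discussed above (a root-only registered list, and ignoring the variable for set-id images). The struct, the function names and the sample paths are hypothetical.

```c
/* Userland model only; every name here is hypothetical, not a NetBSD API. */
#include <stddef.h>
#include <string.h>

#define MAX_ROOTS 8

struct emul_roots {
    const char *default_root;          /* built-in root for this emulation */
    const char *registered[MAX_ROOTS]; /* roots added through the privileged call */
    size_t      nregistered;
};

/* Models the root-only registration syscall: 0 on success, -1 if refused. */
int emul_root_register(struct emul_roots *r, int caller_is_root, const char *path)
{
    if (!caller_is_root || path == NULL || path[0] != '/' ||
        r->nregistered >= MAX_ROOTS)
        return -1;
    r->registered[r->nregistered++] = path;
    return 0;
}

/*
 * Pick the emulation root at exec time. `requested` is the value of
 * EMUL_ROOT_<EMULATION> in the new image's environment (NULL if unset);
 * `is_setid` is nonzero for a set-user-ID or set-group-ID image.
 */
const char *emul_root_select(const struct emul_roots *r, const char *requested,
                             int is_setid)
{
    size_t i;

    if (requested == NULL || is_setid)
        return r->default_root;      /* variable is never honoured for set-id images */
    for (i = 0; i < r->nregistered; i++)
        if (strcmp(requested, r->registered[i]) == 0)
            return r->registered[i]; /* hand back the registered copy, not user data */
    return r->default_root;          /* unregistered path: fall back to the default */
}
```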