Subject: Re: verified executable kernel modification committed
To: None <,>
From: Roland Dowdeswell <>
List: tech-security
Date: 10/31/2002 17:15:00
On 1036082606 seconds since the Beginning of the UNIX epoch
Greg A. Woods wrote:
>[ On Thursday, October 31, 2002 at 00:58:23 (-0500), Roland Dowdeswell wrote: 
>> Subject: Re: verified executable kernel modification committed 

>> Only if you hack your kernel to not execute files which do not have
>> the schg flag set.  Otherwise, what's to stop you from executing
>> other files?
>Such hacks may not strictly be necessary.  In many cases through careful
>control of the PATH setting and use of the 'schg' flag on all
>directories in any PATH directory some assurance can be had that only
>known pre-verified binaries are available to be run.

You can always provide absolute paths for executables to run.  What
I was suggested was not that someone can inject a binary into your
path, but rather execute non-trusted code from an arbitrary location.
I do not see how the setting of PATH would affect:

	$ /u/elric/mybinary

>This doesn't stop arbitrary scripts from being run, but at least with
>the basic POSIX scripting tool, /bin/sh, there's not a whole lot of
>difference in the functional effects between a script and an iteration
>of a bunch of commands with carefully controlled parameters, i.e.
>scripts don't really let you do anything you can't already do by rote,
>given a certain set of available underlying programs.

With the code that Brett has provided, you can provide interpretters on
the system which cannot be used in such a way, though.

    Roland Dowdeswell                      http://www.Imrryr.ORG/~elric/