Subject: Re: simple tpe implementation
To: None <tech-kern@NetBSD.org, tech-security@netbsd.org>
From: Christian Biere <christianbiere@gmx.de>
List: tech-security
Date: 02/02/2007 16:41:04
YAMAMOTO Takashi wrote:
> > + /* XXX Must be owned by root. */
> > + if (va->va_uid != 0)
> > + return (EPERM);
This would also break any setuid-non-root executable, right?
> > +
> > + /* Must not be writable by group or other. */
> > + if (va->va_mode & (S_IWGRP | S_IWOTH))
> > + return (EPERM);
That's neat. Personally, I'd always turn such a check on. Maybe
this could be accessible separately.
--
Christian