Re: Adding a simple editor to the base system

To: tech-userlevel%netbsd.org@localhost
Subject: Re: Adding a simple editor to the base system
From: markucz%gmail.com@localhost
Date: Sat, 14 Feb 2009 16:31:18 +0200

> > I think you can run setuid scripts if you build a custom kernel with
> > SETUIDSCRIPTS enabled.
> 
> Does it prevent symlink attack or simply disables the check?
> If only the latter, it isn't solution. I'm getting tired explaining,
> why scripts don't setuid, thus being second-class programs, contrary
> to advertised. 
I never tried it myself but my guess is that it disables checking. How do you
think the kernel could prevent symlink attacks? I'm curious to know.

References:
- Re: Adding a simple editor to the base system
  - From: Iain Hibbert
- Re: Adding a simple editor to the base system
  - From: David Brownlee
- Re: Adding a simple editor to the base system
  - From: D'Arcy J.M. Cain
- Re: Adding a simple editor to the base system
  - From: Aleksej Saushev
- Re: Adding a simple editor to the base system
  - From: markucz
- Re: Adding a simple editor to the base system
  - From: Aleksej Saushev

Prev by Date: Re: Adding a simple editor to the base system
Next by Date: setuid scripts
Previous by Thread: Re: Adding a simple editor to the base system
Next by Thread: setuid scripts
Indexes:

Home | Main Index | Thread Index | Old Index