tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Adding a simple editor to the base system

> > I think you can run setuid scripts if you build a custom kernel with
> > SETUIDSCRIPTS enabled.
> Does it prevent symlink attack or simply disables the check?
> If only the latter, it isn't solution. I'm getting tired explaining,
> why scripts don't setuid, thus being second-class programs, contrary
> to advertised. 
I never tried it myself but my guess is that it disables checking. How do you
think the kernel could prevent symlink attacks? I'm curious to know.

Home | Main Index | Thread Index | Old Index