on Tue, May 22, 2007 at 11:36:57PM +0200, Marco d'Itri ([EMAIL PROTECTED]) wrote: > On May 22, "Karsten M. Self" <[EMAIL PROTECTED]> wrote: > > > Turnabout's fair play: can you provide a compelling argument why we > > *do* need to permit arbitrary creation of suid / exec files under udev?
> Yes: it's a change and changes tend to introduce bugs and instability. > Using noexec nosuid will block at most some cookie cutter script kiddie > attacks, and this small benefit needs to be weighted against the > possible additional troubles it will cause. Fair gripe WRT noexec. However, even if it's a low hurdle (the ld.so hack is well known), we don't have to concede the point if it's not necessary. Hrm. I'm finding ld-2.5.so doesn't do that trick anyway. Anyhow, my objectives in filing this bug were: 1. To register the issue (it hasn't been previously raised AFAICT). 2. To determine if anything breaks if udev is mounted nosuid,noexec. 3. To develop the proper mechanism for specifying and accomplishing this mount configuration. 4. To encourage adoption of the practice as standard if it does not in fact break anything. I'm hitting about 2 for 4 at the moment, and we've got a record of the discussion, which seems like a good start. Cheers. -- Karsten M. Self <[EMAIL PROTECTED]> SFI / Cadence Design Systems -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
