On Sun, 31 Jan 1999, Chip Salzenberg wrote:

> According to Michael Stone:
> > Quoting Wichert Akkerman ([EMAIL PROTECTED]):
> > > What perl-suid should do is check the mountoptions for the filesystem on
> > > which the script resides and abort if that was mounted with nosuid.
> > > Should be quite simple actually..
> >
> > But that's still not general enough. For example, you just missed the
> > case of noexec... The solution should be done at a higher level, IMHO...
>
> Every OS has a different set of mount options that may or may not be
> relevant to setuid security. I don't see what 'higher level' would be
> useful.

The correct solution to this, surely, is for the mount nosuid to actually
strip the suid bits of any files. So that any calls to stat() on a floppy
simply won't see suid bits.

I honestly can't see why the fs driver doesn't use this approach currently -
seems the simplest and most consistent to me.

Jules

/----------------+-------------------------------+---------------------\
| Jelibean aka   | [EMAIL PROTECTED]             | 6 Evelyn Rd         |
| Jules aka      | [EMAIL PROTECTED]             | Richmond, Surrey    |
| Julian Bean    | [EMAIL PROTECTED]             | TW9 2TF *UK*        |
+----------------+-------------------------------+---------------------+
| War doesn't demonstrate who's right... just who's left.              |
| When privacy is outlawed... only the outlaws have privacy.           |
\----------------------------------------------------------------------/
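
The two proposals in this thread (abort when the script's filesystem is mounted nosuid, or have stat() results show no suid bits on such a mount) can both be expressed in user space with fstatvfs(). The following is an added example, not code from the thread or from perl's own setuid wrapper; the function names `honoured_mode` and `may_run_setuid` are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/statvfs.h>
#include <unistd.h>

/* Mode bits a setuid-aware interpreter should honour, given the file's
 * st_mode and the f_flag of its filesystem: on a nosuid mount the
 * setuid/setgid bits are treated as absent. */
mode_t honoured_mode(mode_t mode, unsigned long f_flag)
{
    if (f_flag & ST_NOSUID)
        mode &= ~(mode_t)(S_ISUID | S_ISGID);
    return mode;
}

/* 1 = script may run setuid, 0 = setuid not honoured, -1 = error.
 * Works on the open descriptor so the file checked is the file executed. */
int may_run_setuid(int fd)
{
    struct stat st;
    struct statvfs vfs;

    if (fstat(fd, &st) != 0 || fstatvfs(fd, &vfs) != 0)
        return -1;
    if (!S_ISREG(st.st_mode))
        return 0;
#ifdef ST_NOEXEC /* glibc extension, not POSIX: the portability gap Chip raises */
    if (vfs.f_flag & ST_NOEXEC)
        return 0;
#endif
    return (honoured_mode(st.st_mode, vfs.f_flag) & S_ISUID) ? 1 : 0;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s script\n", argv[0]);
        return 2;
    }
    int fd = open(argv[1], O_RDONLY);
    int rc = may_run_setuid(fd);   /* fd == -1 yields rc == -1 */
    printf("%s: %s\n", argv[1],
           rc == 1 ? "setuid honoured" : rc == 0 ? "setuid not honoured" : "error");
    if (fd >= 0)
        close(fd);
    return rc < 0;
}
```

Only ST_NOSUID (and ST_RDONLY) are specified by POSIX; any further flag, such as the noexec case Michael mentions, needs a per-platform branch like the `#ifdef` above.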