Samium Gromoff wrote: >[...] directly setuid root the lisp system executable itself [...]
Like I said, that sounds like a bad idea to me. Sounds like a recipe for privilege escalation vulnerabilities. Was the lisp system executable really implemented to be secure even when you make it setuid root? Setting the setuid-root bit on programs that didn't expect to be setuid-root is generally not a very safe thing to do. [1] The more I hear, the more unconvinced I am by this use case. If you don't care about the security issues created by (mis)using the lisp interpreter in this way, then like I suggested before, you can always write a tiny setuid-root wrapper program that turns off address space randomization and exec()s the lisp system executable, and leave the lisp system executable non-setuid and don't touch the code in the Linux kernel. That strikes me as a better solution: those who don't mind the security risks can take all the risks they want, without forcing others to take unwanted and unnecessary risks. It's not that I'm wedded to address space randomization of setuid programs, or that I think it would be a disaster if this patch were accepted. Local privilege escalation attacks aren't the end of the world; in all honesty, they're pretty much irrelevant to many or most users. It's just that the arguments I'm hearing advanced in support of this change seem dubious, and the change does eliminate one of the defenses against a certain (narrow) class of attacks. [1] In comparison, suidperl was designed to be installed setuid-root, and it takes special precautions to be safe in this usage. (And even it has had some security vulnerabilities, despite its best efforts, which illustrates how tricky this business can be.) Setting the setuid-root bit on a large complex interpreter that wasn't designed to be setuid-root seems like a pretty dubious proposition to me. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/