SUID executable policy?
Alan Cox
alan at redhat.com
Tue Apr 10 16:32:39 UTC 2007
On Tue, Apr 10, 2007 at 10:49:41AM -0400, Adam Jackson wrote:
> Exposing the SMBIOS table as a device would be a start. There's
> precedent for drivers that do little else besides map a specific region
> of memory, since /dev/mem is just way too coarse-grained.
Now let me see. A device driver is more privileged than a setuid binary and
more attackable. It can't be swapped and it is hard to change as part of
the kernel.
Why is a device driver better for this?
If it's unchanging data then I'd dump it somewhere from an init script and
at that point no setuidness is needed.