Posted Oct 29, 2010 10:59 UTC (Fri) by marcH (subscriber, #57642)
Actually, ping using D-Bus would be such a change that you would rather have new-secure-dbus-user-ping on one hand and good-old-insecure-root-ping on the other hand. Embedded and other single user systems can just run everything as root and use the old one.
If you are serious about security you really need a good IPC on multi-user systems... what would you use instead of D-BUS?
Posted Oct 31, 2010 15:18 UTC (Sun) by nlucas (subscriber, #33793)
It's too simple, so you could also solve this problem by making a static build of ping that can not load any shared library.
In my "non-security guy" perspective that would be enough for most environments.
Posted Nov 1, 2010 11:17 UTC (Mon) by michaeljt (subscriber, #39183)
I thought that with ELF there was no such thing as a pure statically linked binary.
Posted Nov 1, 2010 23:34 UTC (Mon) by nix (subscriber, #2304)
(Also, if pure statically-linked binaries cannot exist, what do you think /lib/ld-linux.so.2 is? If ELF interpreters don't count because they are technically shared objects and relocate themselves, /sbin/sln surely does. No relocation, no PT_INTERP: static as static comes, and on pretty much every system.)
Posted Nov 1, 2010 23:52 UTC (Mon) by anselm (subscriber, #2796)
/sbin/sln surely does. No relocation, no PT_INTERP: static as static comes, and on pretty much every system
I'm on Debian sid, and I don't have an executable called »sln« – not in /sbin, not anywhere. Am I missing something?
Posted Nov 2, 2010 0:14 UTC (Tue) by nix (subscriber, #2304)
Posted Nov 2, 2010 0:17 UTC (Tue) by dlang (subscriber, #313)
Posted Nov 3, 2010 14:58 UTC (Wed) by nix (subscriber, #2304)
Posted Nov 3, 2010 23:29 UTC (Wed) by cesarb (subscriber, #6266)
Posted Nov 4, 2010 0:18 UTC (Thu) by foom (subscriber, #14868)
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds