
Tightening security: not for the impatient

Posted Jul 21, 2012 16:55 UTC (Sat) by mathstuf (subscriber, #69389)
In reply to: Tightening security: not for the impatient by anselm
Parent article: Tightening security: not for the impatient

Okay, so why make the binary SUID after hardlinking? Since that makes *every* one of those binaries SUID now. If it's something like toybox, I don't want sed to be SUID even if mount is hardlinked to it. Seems like there's a case for having a separate SUID instance that those programs link to.



Tightening security: not for the impatient

Posted Jul 23, 2012 13:15 UTC (Mon) by nlucas (subscriber, #33793)

The busybox project is well aware of that and recommends a different busybox binary for suid and regular binaries.

It's easy enough to build a busybox binary implementing only the suid utils (as is to not include the suid utils on the regular binary).
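An added example, not part of either comment and not code from busybox or toybox: the mode bits live in the inode, so setting the setuid bit through one hard-linked name sets it for every name, and an audit can group setuid files by (device, inode) to find that situation. The file names `multicall`, `mount`, `sed` and `plain` are a constructed layout in a temporary directory.

```python
import os
import stat
import tempfile
from collections import defaultdict


def suid_hardlink_groups(root):
    """Return {(dev, inode): sorted paths} for setuid regular files under
    root that are reachable through more than one name."""
    groups = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks to the target
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                groups[(st.st_dev, st.st_ino)].append(path)
    # Only names found under root are reported; links elsewhere on the
    # same filesystem would need a wider walk.
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}


def demo():
    """Constructed layout: one multi-call file with hard-linked applet names."""
    with tempfile.TemporaryDirectory() as root:
        box = os.path.join(root, "multicall")  # hypothetical stand-in binary
        with open(box, "wb") as fh:
            fh.write(b"#!/bin/sh\n")
        for applet in ("mount", "sed"):
            os.link(box, os.path.join(root, applet))
        # An unrelated file with its own inode; it must not be reported.
        with open(os.path.join(root, "plain"), "wb") as fh:
            fh.write(b"#!/bin/sh\n")
        # Set the bit through ONE name only; the mode is stored in the inode.
        os.chmod(os.path.join(root, "mount"), 0o4755)
        sed_mode = os.lstat(os.path.join(root, "sed")).st_mode
        sed_is_suid = bool(sed_mode & stat.S_ISUID)
        names = [sorted(os.path.basename(p) for p in group)
                 for group in suid_hardlink_groups(root).values()]
        return sed_is_suid, names


if __name__ == "__main__":
    print(demo())
```

Pointing `suid_hardlink_groups` at a real directory such as `/bin` lists any setuid inode that answers to several names there, which is the layout the split suid/regular build avoids.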


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.