> > Any caching of state is inherently insecure because any caches of limited > > size can be always thrashed by a purposeful attacker. I suppose the > > only thing that would work is to actually write something to the > > executable itself on disk, but of course that doesn't always work either. > > I'm also working on this. In the next version I will try to find a way to > prevent brute force attacks through the execve system call with more than > one level of forking. Thanks. Thinking more about it what I wrote above wasn't quite right. The cache would only need to be as big as the number of attackable services/suid binaries. Presumably on many production systems that's rather small, so a cache (which wouldn't actually be a cache, but a complete database) might actually work. -Andi