Re: [PATCH 3/3] swapon: do not run execvp() calls when swapon is setuid binary

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Feb 02, 2016 at 01:40:10PM +0000, Sami Kerola wrote:
> swapon(8) is not expected to be setuid binary, but if it is try to avoid
> obvious security vulnerability of executing user preferred mkswap file as
> someone else, such as root.

I have replaced this with code to drop permissions, so it executes
mkswap, but as non-root and all depends on mkswap and file/device
perms.

    Karel

-- 
 Karel Zak  <kzak@xxxxxxxxxx>
 http://karelzak.blogspot.com
--
To unsubscribe from this list: send the line "unsubscribe util-linux" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Netdev]     [Ethernet Bridging]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Admin]     [Samba]

  Powered by Linux