On 070621 19:21, Arjan van de Ven <[EMAIL PROTECTED]> wrote: > On Thu, 2007-06-21 at 18:02 +0200, Alexander Wuerstlein wrote: > > Modified task_struct to hold a 'signed flag' which is set on exec(), > > inherited > > on fork() and checked during exec before giving the new process suid/sgid > > privileges. > > > > > > do you also check the signature of glibc and every other shared library > that the app uses (or dlopens)? if not.. the entire exercise is rather > pointless...
We do check that, that is patch [3/4]. Of course we can only check mmap-ed files, if there is no file like with JIT compilers we are out of luck. Ciao, Alexander Wuerstlein. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
