Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Andrew Brown (atatatatatdot.net)
Date: Thu Oct 18 2001 - 17:44:56 CDT
>>Yes, highly verbotten. There is another way to accomplish this. I'll
>>take a look, but I would suggest making THAT check dependent on a sysctl
>>variable that defaults to "off".
>I already suggested the sysctl. Problem is, this check doesnt
>acutally close the loophole Thor is worried about, unless you also
>(at a minimum) prohibit anyone from setting x bits on files on a
>filesystem mounted writable-but-noexec.
oh yeah. there's always something. i guess the mmap/noexec check is
the "best" solution.
-- |-----< "CODE WARRIOR" >-----| codewarriordaemon.org * "ah! i see you have the internet twofsonetgraffiti.com (Andrew Brown) that goes *ping*!" andrewcrossbar.com * "information is power -- share the wealth."