
Re: Security in MiNT



>Hello Torsten,
>
>>  I'm currently implementing the getauid/setauid system calls to MiNT, and I
>> know someone who is working on the supplementary group calls getgroups/setgroups.
>> I know there're people outside thinking security under MiNT is a
>> joke, but first you'll never get it if you don't try and second someone
>> might like the functionality of a user belonging to several groups.
>
>There are some security holes which will be difficult to plug. For
>instance, any user process can call Super(0L) to switch the
>microprocessor into supervisor mode, raise the IPL mask to seven, and
>enter a tight loop (or even nastier). Nice, isn't it?
>
>Of course, you could think of making Super() and Supexec() usable only
>by root, but since the MiNTlibs need one of these functions to scan the
>cookie jar (and test for the presence of MiNT), it's not realistic.

Supervisor mode could be emulated by trapping illegal memory access and
illegal instructions, at least for the 68030. This would allow one to be both
secure (you only allow programs a limited amount of system access) and
compatible (programs in a multi-tasking environment shouldn't go messing with
the system directly anyway). This would also have the upshot of being able
to pre-empt processes which are in pseudo-supervisor mode. I agree that
there would be no point in doing this for the 68000, as any program can write
anywhere.

>You'll note too that even effective uids/gids are not handled properly
>by MiNT and its filesystems; often setuid programs are unable to remove
>files which they have created -- this has already been discussed...
>
>Thierry.

Steve

-- 
---------------------------------------------------------------------------
Computer Systems Administrator, Dept. of Earth Sciences, Oxford University.
E-Mail: steve@uk.ac.ox.earth (JANET) steve@earth.ox.ac.uk (Internet).
Tel:- Oxford (0865) 282110 (UK) or +44 865 282110 (International).
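The pseudo-supervisor idea Steve sketches above (trap privileged instructions, keep a per-process shadow SR, and never let the real IPL rise) as an added example. This is illustration code, not part of the original message and not MiNT's kernel: the trap handler, the `pctx_t` context, `enter_pseudo_super()` and the constructed instruction stream are all hypothetical. The opcode encodings (ORI/ANDI/EORI to SR, MOVE to/from SR, STOP, RESET, RTE) are the real 680x0 ones; MOVE from SR is only privileged on the 68010 and later, which matches the 68030 case discussed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 680x0 status-register bits (real encodings). */
#define SR_S    0x2000u   /* supervisor state */
#define SR_IPL  0x0700u   /* interrupt priority mask */
#define SR_CCR  0x00FFu   /* condition codes: the only part user code may change for real */

/* Per-process state kept by the hypothetical kernel trap handler. */
typedef struct {
    uint16_t shadow_sr;     /* SR as the program believes it is */
    uint32_t pc;            /* offset of the faulting instruction in mem */
    uint32_t d[8];          /* data registers D0-D7 */
    const uint8_t *mem;     /* process text, big-endian 68k words */
    size_t mem_len;
    int stopped;            /* STOP emulated as "deschedule until woken" */
} pctx_t;

enum { EMU_OK = 0, EMU_PRIVILEGE = 1, EMU_UNSUPPORTED = 2, EMU_FAULT = 3 };

static int rd16(const pctx_t *p, uint32_t off, uint16_t *out) {
    if (off + 2 > p->mem_len) return 0;
    *out = (uint16_t)((p->mem[off] << 8) | p->mem[off + 1]);
    return 1;
}

/* The SR the kernel really loads when resuming the process: condition codes
 * pass through, S and IPL are forced to user mode / level 0, so a program that
 * "raised the IPL to seven" is still pre-empted by the timer interrupt. */
uint16_t hw_sr_for(const pctx_t *p) {
    return p->shadow_sr & SR_CCR;
}

/* Hypothetical Super(0L) entry: the process now believes it is in supervisor mode. */
void enter_pseudo_super(pctx_t *p) { p->shadow_sr |= SR_S; }

/* Called from the privilege-violation exception. Decodes the faulting
 * instruction and applies it to the shadow SR only. Returns one of EMU_*. */
int emulate_privileged(pctx_t *p) {
    uint16_t op, imm;
    if (!rd16(p, p->pc, &op)) return EMU_FAULT;

    /* Without a prior Super() the program gets the real CPU behaviour:
     * the privilege violation is delivered to it as a signal. */
    if (!(p->shadow_sr & SR_S)) return EMU_PRIVILEGE;

    switch (op) {
    case 0x007C: /* ORI  #imm,SR */
    case 0x027C: /* ANDI #imm,SR */
    case 0x0A7C: /* EORI #imm,SR */
        if (!rd16(p, p->pc + 2, &imm)) return EMU_FAULT;
        if (op == 0x007C)      p->shadow_sr |= imm;
        else if (op == 0x027C) p->shadow_sr &= imm;
        else                   p->shadow_sr ^= imm;
        p->pc += 4;
        return EMU_OK;
    case 0x4E72: /* STOP #imm: load SR and wait; the scheduler just deschedules us */
        if (!rd16(p, p->pc + 2, &imm)) return EMU_FAULT;
        p->shadow_sr = imm;
        p->stopped = 1;
        p->pc += 4;
        return EMU_OK;
    case 0x4E70: /* RESET: never emulated for user code */
    case 0x4E73: /* RTE: no real exception frame to return from */
        return EMU_UNSUPPORTED;
    }
    if ((op & 0xFFF8) == 0x46C0) {          /* MOVE Dn,SR (other ea modes not handled here) */
        p->shadow_sr = (uint16_t)p->d[op & 7];
        p->pc += 2;
        return EMU_OK;
    }
    if ((op & 0xFFF8) == 0x40C0) {          /* MOVE SR,Dn: program sees its own shadow SR */
        p->d[op & 7] = (p->d[op & 7] & 0xFFFF0000u) | p->shadow_sr;
        p->pc += 2;
        return EMU_OK;
    }
    return EMU_UNSUPPORTED;
}

/* Constructed instruction stream (not from any real program): the "raise IPL to
 * seven" sequence from the thread, followed by reads/writes of SR, STOP and RESET. */
static const uint8_t demo_prog[] = {
    0x00, 0x7C, 0x07, 0x00,   /* ORI  #$0700,SR */
    0x40, 0xC0,               /* MOVE SR,D0     */
    0x46, 0xC1,               /* MOVE D1,SR     */
    0x4E, 0x72, 0x20, 0x00,   /* STOP #$2000    */
    0x4E, 0x70                /* RESET          */
};

pctx_t demo_ctx(void) {
    pctx_t p = {0};
    p.mem = demo_prog;
    p.mem_len = sizeof demo_prog;
    p.d[1] = 0x2004;          /* value MOVE D1,SR will write */
    return p;
}

int main(void) {
    pctx_t p = demo_ctx();
    enter_pseudo_super(&p);
    while (emulate_privileged(&p) == EMU_OK && !p.stopped)
        printf("pc=%u shadow_sr=%04x hw_sr=%04x\n", p.pc, p.shadow_sr, hw_sr_for(&p));
    return 0;
}
```

The point of the split is that `shadow_sr` is what the program reads back and `hw_sr_for()` is what the hardware gets; the two only agree on the condition codes, so the tight loop at "IPL 7" runs with interrupts enabled and the scheduler can take it off the CPU.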