[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MiNT security holes?

To: Tamminen Eero <t150315@students.cc.tut.fi>
Subject: Re: MiNT security holes?
From: Andreas Schwab <schwab@issan.informatik.uni-dortmund.de>
Date: Fri, 29 Aug 97 11:26:15 +0200
Cc: mint@atari.archive.umich.edu
In-reply-to: Tamminen Eero's message of Fri, 29 Aug 1997 01:10:43 +0200 (EET DST)
References: <199708282210.BAA01459@lehtori.cc.tut.fi>

Tamminen Eero <t150315@students.cc.tut.fi> writes:

|> I'd like to know what are the known MiNT specific security holes.
|> When running MiNT with memory protection on (can't test this because
|> I got only STfm), can user start a non-setuid root program with `super'
|> memory access priviledges (ie. program would be able to write all over
|> memory)?

Everyone can call Super() or Supexec(), thus everyone can access
supervisor-only memory.  This is independent of memory protection.  IIRC,
there was some time a discussion whether Super or Supexec should be
root-only, but that would break almost all programs.

-- 
Andreas Schwab                                      "And now for something
schwab@issan.informatik.uni-dortmund.de              completely different"

Follow-Ups:
- Re: MiNT security holes?
  - From: "Konrad M.Kokoszkiewicz" <draco@mi.com.pl>

References:
- MiNT security holes?
  - From: Tamminen Eero <t150315@students.cc.tut.fi>

Prev by Date: RE: MiNT security holes?
Next by Date: Re: MiNT security holes?
Previous by thread: MiNT security holes?
Next by thread: Re: MiNT security holes?
Index(es):
- Date
- Thread