[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security stuff, continued



> But thinking about it... aren't the program headers stored in the beginning
> of the file? if so, then a person uploading a program which will break
> security mechanisms (as previously described) can simply set the flag in
> the header before they upload it... 

You're dead right, Anthony. He can. That's why I think it must be
toggable inside
the kernel. If you need old binaries, you just use SECURITY=NO in
MINT.CNF, 
if you need to prevent users from calling some functions, you set
SECURITY=YES.
I was thinking on making it toggable while the system is running (i.e.
without
a reboot) but it wasn't good idea IMHO...

Konrad