diff options
| author | Robert de Bath <rdebath@poboxes.com> | 1996-05-31 21:33:17 +0200 |
|---|---|---|
| committer | Lubomir Rintel <lkundrak@v3.sk> | 2013-10-23 23:30:46 +0200 |
| commit | e85ee07172eccafd9441362e774f7b184810d008 (patch) | |
| tree | 5dc12259ab7a61b12d9df284fe58ad5cb312c526 /elksemu/Security | |
| parent | dcc973ea3e31710429858c99d4f040334ac67c06 (diff) | |
| download | dev86-e85ee07172eccafd9441362e774f7b184810d008.tar.gz | |
Import Dev86-0.0.6.tar.gzv0.0.6
Diffstat (limited to 'elksemu/Security')
| -rw-r--r-- | elksemu/Security | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/elksemu/Security b/elksemu/Security new file mode 100644 index 0000000..2fbef8b --- /dev/null +++ b/elksemu/Security @@ -0,0 +1,20 @@ +The install scripts now install /lib/elksemu as a suid-root executable. +This gives two additional facilities when running elks executables. + +1) It is now possible to run programs that are execute only, without + read permission, as the file is opened while we have superuser + access. + +2) If the ELKS executable has suid or sgid bits set these will be honoured. + +The user now needs execute access to run an executable, this is checked. + +If the executable does not have either suid/sgid bits set then all +extra permissions will be dropped within the first few lines of the +main() function. Because of this you need only check this tiny +piece of code if you intend never to use suid. + +If you have any problem with elksemu being suid-root the program will +run as before, with no complaints, if you remove the suid permission. + +Rob. |