From e85ee07172eccafd9441362e774f7b184810d008 Mon Sep 17 00:00:00 2001
From: Robert de Bath <rdebath@poboxes.com>
Date: Fri, 31 May 1996 21:33:17 +0200
Subject: Import Dev86-0.0.6.tar.gz

---
 elksemu/Security | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 elksemu/Security

(limited to 'elksemu/Security')

diff --git a/elksemu/Security b/elksemu/Security
new file mode 100644
index 0000000..2fbef8b
--- /dev/null
+++ b/elksemu/Security
@@ -0,0 +1,20 @@
+The install scripts now install /lib/elksemu as a suid-root executable.
+This gives two additional facilities when running elks executables.
+
+1) It is now possible to run programs that are execute only, without
+   read permission, as the file is opened while we have superuser
+   access.
+
+2) If the ELKS executable has suid or sgid bits set these will be honoured.
+
+The user now needs execute access to run an executable, this is checked.
+
+If the executable does not have either suid/sgid bits set then all
+extra permissions will be dropped within the first few lines of the
+main() function. Because of this you need only check this tiny
+piece of code if you intend never to use suid.
+
+If you have any problem with elksemu being suid-root the program will
+run as before, with no complaints, if you remove the suid permission.
+
+Rob.
-- 
cgit v1.2.1