
[$] Restricting execution of scripts — the third approach

Friday July 19, 2024. 04:05 PM, from LWN.net
The kernel will not consent to execute just any file that happens to be
sitting in a filesystem; there are formalities, such as the checking of
execute permission and consulting security policies, to get through first.
On some systems, security policies have been established to limit execution
to specifically approved programs. But there are files that are not
executed directly by the kernel; these include scripts fed to language
interpreters like Python, Perl, or a shell. An attacker who is able to get
an interpreter to execute a file may be able to bypass a system's security
policies. Mickaël Salaün has been working on closing this hole for years;
the latest attempt takes the form of a new flag to the execveat() system
call.
https://lwn.net/Articles/982085/
