
Security in MiNT



Hello Torsten,

> I'm currently implementing the getauid/setauid system calls to MiNT, and I
> know someone who is working on the supplementary group calls
> getgroups/setgroups. I know there're people outside thinking security under
> MiNT is a joke, but first you'll never get it if you don't try and second
> someone might like the functionality of a user belonging to several groups.

There are some security holes which will be difficult to plug. For
instance, any user process can call Super(0L) to switch the
microprocessor into supervisor mode, raise the IPL mask to seven, and
enter a tight loop (or even nastier). Nice, isn't it?

Of course, you could think of making Super() and Supexec() usable only
by root, but since the MiNTlibs need one of these functions to scan the
cookie jar (and test for the presence of MiNT), it's not realistic.

You'll note too that even effective uids/gids are not handled properly
by MiNT and its filesystems; often setuid programs are unable to remove
files which they have created -- this has already been discussed...

Thierry.