Navigation
Recherche
|
[$] Restricting execution of scripts — the third approach
vendredi 19 juillet 2024, 16:05 , par LWN.net
The kernel will not consent to execute just any file that happens to be
sitting in a filesystem; there are formalities, such as the checking of execute permission and consulting security policies, to get through first. On some systems, security policies have been established to limit execution to specifically approved programs. But there are files that are not executed directly by the kernel; these include scripts fed to language interpreters like Python, Perl, or a shell. An attacker who is able to get an interpreter to execute a file may be able to bypass a system's security policies. Mickaël Salaün has been working on closing this hole for years; the latest attempt takes the form of a new flag to the execveat() system call.
https://lwn.net/Articles/982085/
Voir aussi |
56 sources (32 en français)
Date Actuelle
mar. 5 nov. - 09:36 CET
|