MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
security
Recherche

[$] Restricting execution of scripts — the third approach

vendredi 19 juillet 2024, 16:05 , par LWN.net
The kernel will not consent to execute just any file that happens to be
sitting in a filesystem; there are formalities, such as the checking of
execute permission and consulting security policies, to get through first.
On some systems, security policies have been established to limit execution
to specifically approved programs. But there are files that are not
executed directly by the kernel; these include scripts fed to language
interpreters like Python, Perl, or a shell. An attacker who is able to get
an interpreter to execute a file may be able to bypass a system's security
policies. Mickaël Salaün has been working on closing this hole for years;
the latest
attempt takes the form of a new flag to the execveat()
system call.
https://lwn.net/Articles/982085/

Voir aussi

News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Date Actuelle
jeu. 21 nov. - 18:38 CET