Hi. It looks like adding MUDFLAP_OPTIONS to unsecvars.h in Glibc works perfectly at keeping anyone, including root, from setting MUDFLAP_OPTIONS on an suid program.
Now I'm looking at gcc-4.1.2/libmudflap/mf-runtime.c, around line 300, at the __mf_set_default_options function, to change this: __mf_opts.violation_mode = viol_nop; to this: __mf_opts.violation_mode = viol_abort; so the default is to abort, instead of doing nothing. Mudflap isn't meant as a security aid, but I think its better than not using it at all. I'd like to also add a syslog function to libmudflap to report on suid 0 aborts. Can any of you think of anything I'm not considering with this, like another backdoor to mudflap? robert
pgp64e6e9EZDD.pgp
Description: PGP signature
-- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
