update a running busybox

Cathey, Jim jcathey at ciena.com
Wed Mar 30 18:51:37 UTC 2011


>This is somewhat difficult or impossible to do in a conformant way.
>Each open file has a device and inode number which cannot change for
>its lifetime, which are important identifiers that may be used in
>security-critical ways.

In this (DNIX) system the file was not 'open' at the user level,
and as a resident of swap space it didn't really have a device or
an inode.  (As data/bss segments did not.  Just memory pages backed
to a blocking store.)  Even if it were required to have dev/inode,
perhaps to support /proc/X/exe, why could it not get a new assignment
on the swap device? (Essentially automating what we all have to do
by hand now.)

Perhaps there is some esoteric security protocol that would be confused
by this, but one could argue that that protocol was overly
system-sensitive.
What ongoing security check would be required for an already-executing
process?

-- Jim
