Bugtraq mailing list archives

Re: Wiping out setuid programs


From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Sat, 9 Jan 1999 23:46:02 +0000


> Given widespread kernel support for getpeereuid(), it's easy to split a
> setuid program. All you have to do is identify the atomic operations
> that the program performs upon restricted files, and move the code for
> those operations to a separate daemon.

getpeeruid() is the wrong semantics though. If you look at the Linux
credential passing it is done per message. A blind implementation of
uid per socket pair makes it rather hard to handle datagram based
services, to pick up on uid changes the other end etc.

Alan


