Bugtraq mailing list archives
Re: Wiping out setuid programs
From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Sat, 9 Jan 1999 23:46:02 +0000
Given widespread kernel support for getpeereuid(), it's easy to split a setuid program. All you have to do is identify the atomic operations that the program performs upon restricted files, and move the code for those operations to a separate daemon.
getpeeruid() is the wrong semantics though. If you look at the Linux credential passing it is done per message. A blind implementation of uid per socket pair makes it rather hard to handle datagram based services, to pick up on uid changes the other end etc. Alan
Current thread:
- Re: Wiping out setuid programs Steve Bellovin (Jan 07)
- Re: Wiping out setuid programs Gene Spafford (Jan 08)
- <Possible follow-ups>
- Re: Wiping out setuid programs D. J. Bernstein (Jan 09)
- Re: Wiping out setuid programs Alan Cox (Jan 09)
- Re: Wiping out setuid programs Nick Maclaren (Jan 10)
- Bind 8.* bug. Alan Brown (Jan 11)
- Re: Wiping out setuid programs Neale Banks (Jan 11)
- Re: Wiping out setuid programs Steven M. Bellovin (Jan 09)
- Re: Wiping out setuid programs der Mouse (Jan 09)
- Re: Wiping out setuid programs D. J. Bernstein (Jan 10)
- Re: Wiping out setuid programs Niall Smart (Jan 12)