Bugtraq mailing list archives
Re: Wiping out setuid programs
From: mouse () RODENTS MONTREAL QC CA (der Mouse)
Date: Sun, 10 Jan 1999 01:54:39 -0500
Several people have asked about the costs and benefits of splitting a setuid program into an unprivileged user process and a non-setuid daemon.
C=08Co=08os=08st=08ts=08s.=08. [...]
[For those who don't feel like working it out, that's "Costs." with quoted-printable backspaces attempting overstrikes.] Your bias is showing. You're missing a cost: the program doesn't work if the daemon isn't running. (For whatever reason: single-user, it crashed, etc.) You're missing another cost: convincing some appropriate "kernel implementor" to provide getpeereuid(). (It's not just a matter of doing it - for OSes less into the kitchen-sink philosophy than Linux, there's the question of whether that's the right way to go - and even if it does go in, I think your "five minutes" is grossly optimistic, especially when you add regression testing, documentation, maintenance, etc, etc.)
It shouldn't take more than five minutes for a kernel implementor to support getpeereuid(). For example, Linux has "struct ucred peercred" inside struct sock,
A peer credentials structure in every socket, just to support AF_LOCAL credentials? I'd say this belongs in (the Linux analog of) the struct unpcb. (Not that Linux cares what I think. :-) der Mouse mouse () rodents montreal qc ca 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
Current thread:
- Re: Wiping out setuid programs Steve Bellovin (Jan 07)
- Re: Wiping out setuid programs Gene Spafford (Jan 08)
- <Possible follow-ups>
- Re: Wiping out setuid programs D. J. Bernstein (Jan 09)
- Re: Wiping out setuid programs Alan Cox (Jan 09)
- Re: Wiping out setuid programs Nick Maclaren (Jan 10)
- Bind 8.* bug. Alan Brown (Jan 11)
- Re: Wiping out setuid programs Neale Banks (Jan 11)
- Re: Wiping out setuid programs Steven M. Bellovin (Jan 09)
- Re: Wiping out setuid programs der Mouse (Jan 09)
- Re: Wiping out setuid programs D. J. Bernstein (Jan 10)
- Re: Wiping out setuid programs Niall Smart (Jan 12)