Bugtraq mailing list archives
Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service)
From: mcrosbie () CUP HP COM (Mark Crosbie)
Date: Sat, 9 Jan 1999 09:36:56 -0800
In message <E0zyhRE-00013T-00 () ursa cus cam ac uk>, Nick Maclaren writes:
Consider things like job schedulers, printing systems and so on. User A calls one of those, which runs as user B. It then calls mail - the examples were chosen because both of them do precisely that. Which is the user identification that the mailer should use?
In this case, a concept similar to "session IDs" would help: a session ID records the original identity of the user that initiated this login session. It is copied across all su calls, and inherited by fork and exec calls. Thus, the process running as user B, still has an session ID of user A. Hence, when it calls the mailer, the session ID is still user A, which can be used for access control checking. Granted a system call may now be needed to get_session_id() or similar, but if you trust the kernel, you can trust the session ID. Session IDs are found in the HPUX kernel (they're called audit ID) and I think most other kernels support some notion of a session ID inherited across processes. Note: a process cannot change its session ID. It is set by the kernel when the login process execs the process group leader. It never changes from then on in. It is usually stored in some "trusted database" so that you can go back over time and map session IDs to actual real people. Just a thought... Mark
Regards, Nick Maclaren, University of Cambridge Computing Service, New Museums Site, Pembroke Street, Cambridge CB2 3QG, England. Email: nmm1 () cam ac uk Tel.: +44 1223 334761 Fax: +44 1223 334679
-- Mark Crosbie http://www.best.com/~mcrosbie Hewlett-Packard MS 47 LA mcrosbie () cup hp com 19447 Pruneridge Avenue (408) 447-2308 Cupertino, CA 95014 (408) 447-6766 FAX
Current thread:
- Re: Anonymous Qmail Denial of Service D. J. Bernstein (Jan 05)
- setuid vs. setgid (was Re: Anonymous Qmail Denial of Service) Ian R. Justman (Jan 06)
- Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service) Darren Reed (Jan 08)
- Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service) Nick Maclaren (Jan 08)
- Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service) Mark Crosbie (Jan 09)
- Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service) Pete Kruckenberg (Jan 09)
- Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service) Thamer Al-Herbish (Jan 09)
- Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service) Len Budney (Jan 08)
- Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service) Thamer Al-Herbish (Jan 08)
- Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service) Kragen Sitaker (Jan 09)
- Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service) Darren Reed (Jan 08)
- setuid vs. setgid (was Re: Anonymous Qmail Denial of Service) Ian R. Justman (Jan 06)
- ff.core exploit on Solaris (2.)7 Daniel J. Frasnelli (Jan 08)
- Re: ff.core exploit on Solaris (2.)7 Casper Dik (Jan 15)
- L0pht tmp tool and (mini) Advisory Dr. Mudge (Jan 08)
- <Possible follow-ups>
- Re: Anonymous Qmail Denial of Service Antonomasia (Jan 07)