Removing setuid

Posted Nov 29, 2010 14:36 UTC (Mon) by talex (subscriber, #19139)
In reply to: Removing setuid by vonbrand
Parent article: Ghosts of Unix past, part 4: High-maintenance designs

OK. In the case of services, the membrane is needed only for the socket over which the user sends their messages, which hopefully the programmer is already thinking about from a security PoV.

In the case of SetUID, the membrane includes quite a lot of things the programmer probably didn't think about, besides the program's arguments, including the inherited:

* environment variables
* file descriptors (e.g. close(1); exec(setuid))
* the current directory (which may be writeable/moveable by the user)
* ulimits
* umask
* POSIX capabilities?

(those are the ones I can think of; I'm sure there are more)
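
An added example, not part of the original comment: one way a setuid program can reset the inherited state listed above before it does anything else. The `PATH` value, the function names, and the choice to reset only `RLIMIT_FSIZE` are assumptions made for illustration; `clearenv()` is glibc-specific.

```c
#define _GNU_SOURCE           /* for clearenv() (glibc) */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/stat.h>
#include <unistd.h>

/* File descriptors: if the caller did close(1) before exec, the next open()
 * would return fd 1 and stdout writes would land in that file. Plug any
 * closed slot in 0..2 with /dev/null before opening anything else. */
static int ensure_std_fds(void)
{
    for (int fd = 0; fd <= 2; fd++) {
        if (fcntl(fd, F_GETFD) != -1)
            continue;                        /* slot is open, leave it */
        if (open("/dev/null", O_RDWR) != fd) /* lowest free fd must be this slot */
            return -1;
    }
    return 0;
}

/* Reset the other inherited state from the list above. Returns 0 on success. */
static int sanitize_inherited_state(void)
{
    struct rlimit rl;

    if (ensure_std_fds() != 0)
        return -1;
    if (clearenv() != 0 || setenv("PATH", "/usr/bin:/bin", 1) != 0)
        return -1;                           /* environment: start from empty */
    if (chdir("/") != 0)
        return -1;                           /* cwd: leave user-controlled dir */
    umask(077);                              /* umask: new files owner-only */
    /* ulimits: a tiny soft RLIMIT_FSIZE could cut short a file we write.
     * Raising soft to hard is always permitted; a lowered hard limit can
     * only be raised with CAP_SYS_RESOURCE. */
    if (getrlimit(RLIMIT_FSIZE, &rl) != 0)
        return -1;
    rl.rlim_cur = rl.rlim_max;
    return setrlimit(RLIMIT_FSIZE, &rl);
}

int main(void)
{
    if (sanitize_inherited_state() != 0)
        return EXIT_FAILURE;                 /* refuse to run in a dirty state */
    puts("inherited state reset");
    return EXIT_SUCCESS;
}
```

Descriptors above 2 and POSIX capabilities are not handled here and need their own checks.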




Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds