[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <200312061042.hB6AgmE38762@milan.maths.usyd.edu.au>
From: psz at maths.usyd.edu.au (Paul Szabo)
Subject: Partial Solution to SUID Problems
Todd Burroughs <todd@...topia.com> wrote:
> If, by "messing up with them", you mean "turning off the suid bit", that
> cannot decrease security. If they think otherwise, they do not know
> what they talk about. Any program that is suid or sgid can either do
> nothing for or decrease your security. I cannot think of any possible
> way that keeping suid/sgid could increase your security. There are some
> exceptions if you want to give people partial root access, like 'sudo'.
Sorry, but I have a counter-example (and admit that I was bitten by it):
pt_chown (or chgpt or slvmod or whatever). Some OSs use something like
that to chown or chmod the pty they just allocated. Turning the suid bit
off prevents your pty from being owned by you so you cannot set safe
permissions, and are vulnerable to "echo badcommand > yourpty".
Cheers,
Paul Szabo - psz@...hs.usyd.edu.au http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics University of Sydney 2006 Australia
Powered by blists - more mailing lists