[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: saved IDs and exec (standard violation?)

From: Thomas Bushnell, BSG
Subject: Re: saved IDs and exec (standard violation?)
Date: 12 May 2002 01:21:39 -0700
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2

Roland McGrath <roland@frob.com> writes:

> The only drawback I see is in the case when svuid!=euid or svgid!=egid, and
> you are executing an sugid file.  The user will reauthenticate everything
> for the svuid=euid, svgid=egid change and then the filesystem will
> reauthenticate everything again to do the suid/sgid.  So, a sugid program
> that execs another sugid program directly without an intervening exec of a
> non-suid program--a pretty rare event, I would guess.

I'm happy to gunk up setuid execs with however many extra RPCs as long
as normal execs can remain speedy.

> > But there might be a security reason why we have to force the change
> > to be made.  But I can't possibly see what that would be.
> I don't think any concept of security is sensical for non-sugid execs with
> EXEC_SECURE.  The user who made the call will always be able to grab the
> process by its scrawny little task port and diddle its ports out the wazoo.

Exactly my thinking.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]