[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
setuid root programs in hurd dist
|
From: |
Roland McGrath |
|
Subject: |
setuid root programs in hurd dist |
|
Date: |
Wed, 5 Jun 2002 17:28:50 -0400 (EDT) |
They are:
login -- Falls back to unix-style if password server is not there.
If we can presume the password server works, then we can
clear the setuid bit here. (We could also remove the old code,
or leave it there for only root to be able to use w/o server.)
ids -- Does pid2task to query arbitrary processes auth ports.
Seems like a questionable need. If that info should be public,
we could just have the proc server publish the id lists it got
in its auth transactions (which it doesn't save now).
ps -- Needs task ports to query some kinds of info.
w -- I'm not sure that it really needs it.
vmstat -- Needs host priv port to talk to default pager.
One Day this will be different when we have a Hurdish default
pager that is accessible via /servers.
vminfo -- Lets you show AS of any process. Seems like it should not be suid.
ping -- Just like Unix, needs root for raw sockets.
Eventually it might be good to use a separate UID for pfinet
that has access to net devices and no other root privs.
Then ping and the like could be setuid that UID instead.
- setuid root programs in hurd dist,
Roland McGrath <=