Re: SUID pop3 / imap4?

bug-mailutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SUID pop3 / imap4?

From:	xystrus
Subject:	Re: SUID pop3 / imap4?
Date:	Thu, 4 Apr 2002 19:08:01 -0500
User-agent:	Mutt/1.3.27i

On Wed, Apr 03, 2002 at 06:36:25PM +0300, Sergey Poznyakoff wrote:
> > The followup question is: Should the Makefile install it chmod +s, or
> > should just the Debian package do it?
> 
> I believe neither of them should do it. Pop3d is supposed to be
> started with root privileges. Installing it setuid requires careful
> analysis of possible security implications.

OYE.  I will reiterate:  THERE IS NO DIFFERENCE BETWEEN RUNNING AS ROOT AND
SUID.  If you have software that runs with root priviledges, you must
undergo a careful analysis of possible security implications whether or not
you got root priviledges via the SUID mechanism.  The same dangers apply to
any program that runs with root priviledges, i.e. it is the root priviledges
that are inherently dangerous, NOT the fact that the file is SUID.

Xy

[Prev in Thread]

Current Thread

[Next in Thread]

SUID pop3 / imap4?, Jeff Bailey, 2002/04/03
- Re: SUID pop3 / imap4?, Sam Roberts, 2002/04/03
  - Re: SUID pop3 / imap4?, xystrus, 2002/04/04
- Re: SUID pop3 / imap4?, Sergey Poznyakoff, 2002/04/03
  - Re: SUID pop3 / imap4?, xystrus <=
    - Re: SUID pop3 / imap4?, Sam Roberts, 2002/04/05
    - Re: SUID pop3 / imap4?, xystrus, 2002/04/06
- Re: SUID pop3 / imap4?, xystrus, 2002/04/04
- Re: SUID pop3 / imap4?, xystrus, 2002/04/04

Prev by Date: Re: SUID pop3 / imap4?
Next by Date: Re: Follow up question...
Previous by thread: Re: SUID pop3 / imap4?
Next by thread: Re: SUID pop3 / imap4?
Index(es):
- Date
- Thread