help-hurd

Re: mtab (was: Re: path+file_name from port or process info?


From: Niels Möller
Subject: Re: mtab (was: Re: path+file_name from port or process info?
Date: 05 Aug 2002 18:46:06 +0200
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2

Marcus Brinkmann <address@hidden> writes:

> Let me try to wrap up the state of the discussion:
> 
> Translators should check if they run suid or sgid, if no, they should check
> if $MTABSERVERS is set and use that.

This comment doesn't make much sense to me.

Either the translator is passive and started by the filesystem, and
then it's running as either the owner of the node where it's attached,
or with the same ids as the parent filesystem (if it didn't have
enough privileges to change uid). Or it's an active translator, and
then it's running as the user that started it. In none of these cases,
the translator is started in a hostile environment, so $MTABSERVERS can
always be trusted.

If you really want to I guess you could start suid or sgid translators by
setting the corresponding bits on the translator *binary*. Then active
translators would be started in a potentially hostile environment set
up by an evil user. But why on earth would you want to do that? 

System translators should use ordinary non-setuid binaries, passive
translators, and suitable ownership over the nodes where they are
attached. I'm almost inclined to argue that the suid/sgid should be
ignored when starting a translator. Or am I missing something?

Regards,
/Niels
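The check in the quoted summary (a translator uses $MTABSERVERS only when it is not running suid or sgid), as an added C example that is not part of the original message or of any Hurd code. `struct proc_ids`, `runs_setid` and `env_if_trusted` are hypothetical names, and comparing real against effective ids is the assumed way of detecting a set-id start.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Real and effective ids of a process, kept in one struct so the
   decision can be exercised with constructed values (hypothetical type). */
struct proc_ids { uid_t ruid, euid; gid_t rgid, egid; };

/* Snapshot of the ids of the calling process. */
struct proc_ids current_ids(void)
{
    struct proc_ids p = { getuid(), geteuid(), getgid(), getegid() };
    return p;
}

/* 1 if the ids differ, i.e. the process gained a uid or gid from a
   suid/sgid bit on its binary and its environment was prepared by a
   caller with fewer privileges than it now holds. */
int runs_setid(const struct proc_ids *p)
{
    return p->ruid != p->euid || p->rgid != p->egid;
}

/* Value of NAME when the environment can be trusted. NULL when the
   process is set-id, or when the variable is unset or empty, so the
   caller falls back to its built-in choice in all three cases. */
const char *env_if_trusted(const struct proc_ids *p, const char *name)
{
    const char *v;

    if (runs_setid(p))
        return NULL;
    v = getenv(name);
    return (v != NULL && *v != '\0') ? v : NULL;
}

int main(void)
{
    struct proc_ids me = current_ids();
    const char *servers = env_if_trusted(&me, "MTABSERVERS");

    if (servers != NULL)
        printf("using MTABSERVERS=%s\n", servers);
    else
        printf("MTABSERVERS ignored or unset (set-id: %d)\n", runs_setid(&me));
    return 0;
}
```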


