Re: dropping setuid/setgid privileges
From: Bruno Haible
Subject: Re: dropping setuid/setgid privileges
Date: Thu, 11 Jun 2009 23:10:47 +0200
User-agent: KMail/1.9.9

Sergey Poznyakoff wrote:
> > What is the use-case that you are considering? A setuid/setgid executable,
> > or an executable run by root?
>
> I was considering an executable run by root.

Ah, I see. That requires a different API, one that takes the target uid and
gid (and supplementary groups) as arguments.

> > And what task does it do, related to the user's data and devices?
>
> Retaining supplementary is often necessary for the program to be
> able to access various files. I use this approach in Mailfromd

And it's necessary to relinquish those groups because on some systems,
'root' is member of many groups - privileges that the program does not
need. For example, on MacOS X:

  $ grep root /etc/group
  wheel:*:0:root
  daemon:*:1:root
  kmem:*:2:root
  sys:*:3:root
  tty:*:4:root
  operator:*:5:root
  procview:*:8:root
  procmod:*:9:root
  staff:*:20:root
  certusers:*:29:root,_jabber,_postfix,_cyrus,_calendar
  admin:*:80:root

Shouldn't the program also call setgroups (possibly indirectly through
initgroups), in order to make sure that it can write any file that the
user can write to? For example, the user can write to a file that he
does not own but which is chgrp'ed to a group that is contained among
his supplementary groups. The program may need to write to such a file.
If it has only the user's uid and gid, it cannot do it. So it needs
also to acquire all supplementary groups of the user, right?

Bruno
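
The API shape discussed in this message, for a program started by root, written out as an added example (it is not code from the message, from gnulib or from Mailfromd). The names `drop_privileges` and `gid_allowed` are hypothetical; the caller is assumed to have looked up the target user's uid, gid and supplementary groups already.

```c
#include <errno.h>
#include <grp.h>
#include <stddef.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 if g is the target primary gid or is in the target list. */
static int gid_allowed(gid_t g, gid_t gid, const gid_t *groups, size_t n)
{
    if (g == gid) return 1;
    for (size_t i = 0; i < n; i++)
        if (groups[i] == g) return 1;
    return 0;
}

/* Hypothetical helper: permanently become uid/gid with exactly the given
   supplementary groups. Returns 0 on success, -1 with errno set on failure;
   on failure the caller should exit rather than carry on. */
int drop_privileges(uid_t uid, gid_t gid, const gid_t *groups, size_t ngroups)
{
    gid_t cur[256];
    int n;

    if (uid == 0) { errno = EINVAL; return -1; }    /* not a drop */

    /* Order matters: setgroups and setgid need root, so setuid goes last. */
    if (setgroups(ngroups, groups) != 0) return -1; /* replaces root's groups */
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;

    /* Verify the resulting credentials instead of trusting return values. */
    if (getuid() != uid || geteuid() != uid) goto bad;
    if (getgid() != gid || getegid() != gid) goto bad;
    if (setuid(0) == 0) goto bad;                   /* root must be unrecoverable */
    if ((n = getgroups(256, cur)) < 0) return -1;
    for (int i = 0; i < n; i++)                     /* no leftover root groups */
        if (!gid_allowed(cur[i], gid, groups, ngroups)) goto bad;
    return 0;
bad:
    errno = EPERM;
    return -1;
}
```

Passing the user's own supplementary groups gives the file access asked about above, while the `setgroups` call also discards whatever groups root happened to belong to.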