[132] in linux-security and linux-alert archive
Re: Closing suid root holes
daemon@ATHENA.MIT.EDU (Elias Levy)
Mon Mar 13 00:53:53 1995
Date: Sun, 12 Mar 1995 16:52:49 -0800 (PST)
From: Elias Levy <elias@power.net>
To: linux-security@tarsier.cv.nrao.edu
cc: linux-security <linux-security@tarsier.cv.nrao.edu>
In-Reply-To: <199503122046.VAA11184@mvmampc66.ciw.uni-karlsruhe.de>
Reply-To: linux-security@tarsier.cv.nrao.edu
On Sun, 12 Mar 1995, Thomas Koenig wrote:
>
> To partially solve the suid program problem, I've proposed, in the
> past, an additional flag for the file system, similar to the
> immutable and read-only flags already found on EXT2FS.
>
> Comments?
>
Guess this fallows my question of why under unix file permission checks
are not done for root. I would be "insteresting" if these where performed
for root too. Of curse root could chmod a file and read it but the point
was a program that simply was exploited to read file or modify them could
not. Just imagine the passwd file being mode 444. Then a program that had
a bug that allowed the bad guys to append to any file could not be used.
Of curse this means modifying the passwd programs and good knows how many
other things, to do a chmod before and after opening the file.
elias@power.net (Elias Levy)
PowerNet, Inc.
