[1447] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Avoiding setuid applications

daemon@ATHENA.MIT.EDU (Olaf Kirch)
Fri Feb 14 02:13:14 1997

To: linux-security@redhat.com
Date: Thu, 13 Feb 1997 13:04:42 +0100
From: Olaf Kirch <okir@monad.swb.de>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com


Hi there,

some of the recent holes discussed on this list, and David Holland's
suggestion for a utmp manager daemon got me thinking. I ended up coding
a sample program that demonstrates how a `resource manager' can be used
to allow applications access to certain resources while not giving them
any privileges.

The sample program is a primitve modem manager that hands out open
file descriptors to modems. This is done by passing the file descriptor
over a UNIX domain socket.

The protocol also provides for some kind of authentication, but it's
not really good.  Recent 2.1 kernels provide SCM_CREDENTIALS passing,
which could be used here.

The source can be found on
 ftp://ftp.mathematik.th-darmstadt.de/pub/linux/okir/modemmgr-0.2.tar.gz

Feedback welcome,
Olaf
-- 
Olaf Kirch         |  --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de  |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir@lst.de        +-------------------- Why Not?! -----------------------


home help back first fref pref prev next nref lref last post