[1447] in linux-security and linux-alert archive
[linux-security] Avoiding setuid applications
daemon@ATHENA.MIT.EDU (Olaf Kirch)
Fri Feb 14 02:13:14 1997
To: linux-security@redhat.com
Date: Thu, 13 Feb 1997 13:04:42 +0100
From: Olaf Kirch <okir@monad.swb.de>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
Hi there,
some of the recent holes discussed on this list, and David Holland's
suggestion for a utmp manager daemon got me thinking. I ended up coding
a sample program that demonstrates how a `resource manager' can be used
to allow applications access to certain resources while not giving them
any privileges.
The sample program is a primitve modem manager that hands out open
file descriptors to modems. This is done by passing the file descriptor
over a UNIX domain socket.
The protocol also provides for some kind of authentication, but it's
not really good. Recent 2.1 kernels provide SCM_CREDENTIALS passing,
which could be used here.
The source can be found on
ftp://ftp.mathematik.th-darmstadt.de/pub/linux/okir/modemmgr-0.2.tar.gz
Feedback welcome,
Olaf
--
Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir@lst.de +-------------------- Why Not?! -----------------------