[891] in linux-security and linux-alert archive
Re: [linux-security] joy
daemon@ATHENA.MIT.EDU (Matt)
Wed Jul 10 18:34:58 1996
To: linux-security@tarsier.cv.nrao.edu
From: panzer@dhp.com (Matt)
Date: 10 Jul 1996 17:38:00 -0400
Jordy (jordy@thirdwave.net) wrote:
: actually, dip does need to be setuid because it modifies the routing tables.
SETUID programs are setuid because users are calling them. Why is dip
being called by a user? If programs are unsuited for being called by
users, then perhaps a wrapper that doesn't except user input is more
called for?
My point is that there are very few programs that need to be SUID. SU is
one that needs to be off hand, /bin/login does not need to be, because it
is called by telnetd which is running as root, because it is spawned from
inetd. etc...
--
-Matt (panzer@dhp.com) DI-1-9026
"That which can never be enforced should not be prohibited."