[903] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] joy

daemon@ATHENA.MIT.EDU (The Chazman)
Fri Jul 12 11:41:38 1996

From: The Chazman <cnmiller@sdcc10.ucsd.edu>
Date: Wed, 10 Jul 1996 23:30:43 -0700 (PDT)
To: linux-security@tarsier.cv.nrao.edu, panzer@dhp.com

Matt (panzer@dhp.com) writes:
> 
> Jordy (jordy@thirdwave.net) wrote:
> : actually, dip does need to be setuid because it modifies the routing tables.
> 
> SETUID programs are setuid because users are calling them.  Why is dip 
> being called by a user?  If programs are unsuited for being called by 
> users, then perhaps a wrapper that doesn't except user input is more 
> called for?
> 

    True, dip will work fine in dialout mode installed with permissions 0755
if it is only invoked by root.  But dip can also be used as the login shell
of an account on a SLIP/PPP server machine that the client logs in as to
establish the connection.  When used in this mode, dip must be installed SUID
root, unless you want to make an intermediary suid-root program that then
exec's dip, but what does that buy you?


                          -----Carl Miller
[cnmiller@ucsd.edu   -- UCSD student, ComStream engineer]

home help back first fref pref prev next nref lref last post