[932] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: writing setuid programs safely

daemon@ATHENA.MIT.EDU (Joshua Cowan)
Fri Jul 19 04:47:45 1996

Date: Thu, 18 Jul 1996 22:22:05 -0500
From: Joshua Cowan <jcowan@jcowan.reslife.okstate.edu>
To: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <m0ugnOk-000HVuC@liw.clinet.fi>

>>>>> "LW" == Lars Wirzenius <liw@iki.fi> writes:

    LW> I saw a setuid(7) manual page in some newsgroup years ago.

I think what you are talking about is available at
`ftp://ftp.cs.toronto.edu/doc/programming/setuid.man'.

[REW: I verified its existance. It recommends using "access" to 
verify if the normal user has access to a file. I recommend not
trying to do that: you almost always create a way to circumvent 
it using symlinks in a short timespan. I recommend actually
setting the uid to that of the user. If necessary split the
"priviliged" part from the "unpriviliged" and fork off a separate
process for each.]


-- 
Joshua Cowan  <jcowan@hermit.reslife.okstate.edu> _____________________
http://hermit.reslife.okstate.edu/~jcowan/       |  Comp Sci Student
"Very funny, Scotty.  Now beam down my clothes." | OSU - Stillwater, OK
PGP key available from any PGP keyserver or by fingering above address.


home help back first fref pref prev next nref lref last post