[11175] in bugtraq
Re: Troff dangerous.
daemon@ATHENA.MIT.EDU (Henrik Nordstrom)
Thu Jul 29 00:28:51 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <379F6ADB.D9C5F35@hem.passagen.se>
Date: Wed, 28 Jul 1999 22:40:59 +0200
Reply-To: hno@HEM.PASSAGEN.SE
From: Henrik Nordstrom <hno@HEM.PASSAGEN.SE>
X-To: Robert Watson <robert+sec@cyrus.watson.org>
To: BUGTRAQ@SECURITYFOCUS.COM
Robert Watson wrote:
> Let me give an example: because man is setuid to the man uid, the binary
> must be owned by uid man.
That is why it should be setgid to man, and not setuid. sgid has the
same benefits in added privilegies for the user to read or write in
special directories, but is less obvious how to elevate these
privilegies to get more privilegies. In the case of man it should be
close to impossible as all you get access to is the cache directories
for preformatted man pages and I beleive most text pagers are quite safe
when it comes to displaying text.
In fact most programs found which is installed suid to some user is most
of the time better installed as sgid to a isolated group for that
programs needs, or not suid/sgid at all.
--
Henrik Nordstrom
