[11288] in bugtraq


Re: SGID man

daemon@ATHENA.MIT.EDU (Henrik Nordstrom)
Fri Aug 6 16:37:26 1999

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id:  <37AA35A6.195F803E@hem.passagen.se>
Date:         Fri, 6 Aug 1999 03:08:54 +0200
Reply-To: hno@HEM.PASSAGEN.SE
From: Henrik Nordstrom <hno@HEM.PASSAGEN.SE>
X-To:         Isaac To <kkto@CSIS.HKU.HK>
To: BUGTRAQ@SECURITYFOCUS.COM

Isaac To wrote:

> But yes, it is ugly.  It might be better if any SGID program is also SUID
> nobody, and re-acquire real user privilege only when required.  But still,
> it is ugly.

That is not a viable approach unless the binary (and all other binaries
owned by nobody) also is immutable. If the binary isn't immutable and
someone finds a security breach in the program or one of the invoked
sub-programs then they can easily replace the binary with a custom one,
and if root (or another user) then runs this program in the belief that
it is the original one...

--
Henrik Nordstrom
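
A defender-side check for the condition described in this reply, as an added example that is not part of the original post: it lists set-id binaries whose owner is an unprivileged account and which are not immutable. It assumes Linux inode flags on a 64-bit ABI (the `chattr +i` flag); the function names and the trusted-uid set are hypothetical.

```python
import fcntl, os, stat, struct

FS_IOC_GETFLAGS = 0x80086601   # Linux ioctl number, 64-bit ABI (assumption)
FS_IMMUTABLE_FL = 0x00000010   # inode flag set by `chattr +i`

def is_immutable(path):
    """True/False from the inode flags, or None if they cannot be read."""
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)
    except OSError:
        return None
    try:
        raw = fcntl.ioctl(fd, FS_IOC_GETFLAGS, struct.pack("l", 0))
        return bool(struct.unpack("l", raw)[0] & FS_IMMUTABLE_FL)
    except OSError:
        return None          # filesystem without inode flags
    finally:
        os.close(fd)

def classify(mode, owner_uid, immutable, trusted_uids=frozenset({0})):
    """Verdict for one file from its st_mode, st_uid and immutable state."""
    if not stat.S_ISREG(mode) or not mode & (stat.S_ISUID | stat.S_ISGID):
        return "not-privileged"
    if immutable:
        return "immutable"   # not even the owner can rewrite it
    if owner_uid in trusted_uids:
        return "ok"
    # Owner is an unprivileged account (e.g. nobody): any process running
    # with that uid can overwrite the file and put the set-id bits back.
    return "replaceable"

def audit(root, trusted_uids=frozenset({0})):
    """Walk root; return (path, owner_uid) for each replaceable binary."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if not st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                continue     # only open files that carry a set-id bit
            verdict = classify(st.st_mode, st.st_uid,
                               is_immutable(path), trusted_uids)
            if verdict == "replaceable":
                findings.append((path, st.st_uid))
    return findings
```

An unreadable flag state (`None`) is treated as not immutable, so the audit errs toward reporting.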
