[9008] in bugtraq
Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service)
daemon@ATHENA.MIT.EDU (Len Budney)
Sat Jan 9 15:17:21 1999
Date: Fri, 8 Jan 1999 15:46:10 -0500
Reply-To: Len Budney <budney-lists-bugtraq@PEREGRINE.MAYA.COM>
From: Len Budney <budney-lists-bugtraq@PEREGRINE.MAYA.COM>
X-To: avalon@COOMBS.ANU.EDU.AU
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199901081439.BAA00258@cheops.anu.edu.au>
Never thought I'd be posting to bugtraq, but:
Darren Reed <avalon@COOMBS.ANU.EDU.AU> wrote:
> On Tue, 5 Jan 1999, D. J. Bernstein wrote:
> > Venema further claims that ``a set-uid posting program cannot guarantee
> > user identification.'' That claim is false. The user id is provided by
> > the standard UNIX getuid() system call.
>
> Just to be pedantic, Venema is correct...If I find some other avenue
> to obtain a different uid...getuid() will...thereafter fail to
> identity correctly which user is sending the email.
Of course. If you log into my workstation as me, it will be
_impossible_ to tell who did it. If you spoof my English well enough,
you might even fool *me*. That's irrelevant. Short of divine
revelation, getuid() is the best you can do _portably_, _today_, on
_UNIX_machines_.
> When all email is cryptographically signed...
[A moment of silence] Yes, we all long for that day. That day is not
today.
Len.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Len Budney | Premature optimization is the root of
Maya Design Group | all evil.
budney@maya.com | -- Prof. Donald Knuth
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~