[9008] in bugtraq

home help back first fref pref prev next nref lref last post

Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service)

daemon@ATHENA.MIT.EDU (Len Budney)
Sat Jan 9 15:17:21 1999

Date: 	Fri, 8 Jan 1999 15:46:10 -0500
Reply-To: Len Budney <budney-lists-bugtraq@PEREGRINE.MAYA.COM>
From: Len Budney <budney-lists-bugtraq@PEREGRINE.MAYA.COM>
X-To:         avalon@COOMBS.ANU.EDU.AU
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <199901081439.BAA00258@cheops.anu.edu.au>

Never thought I'd be posting to bugtraq, but:

Darren Reed <avalon@COOMBS.ANU.EDU.AU> wrote:
> On Tue, 5 Jan 1999, D. J. Bernstein wrote:
> > Venema further claims that ``a set-uid posting program cannot guarantee
> > user identification.'' That claim is false. The user id is provided by
> > the standard UNIX getuid() system call.
>
> Just to be pedantic, Venema is correct...If I find some other avenue
> to obtain a different uid...getuid() will...thereafter fail to
> identity correctly which user is sending the email.

Of course. If you log into my workstation as me, it will be
_impossible_ to tell who did it. If you spoof my English well enough,
you might even fool *me*. That's irrelevant. Short of divine
revelation, getuid() is the best you can do _portably_, _today_, on
_UNIX_machines_.

> When all email is cryptographically signed...

[A moment of silence] Yes, we all long for that day. That day is not
today.

Len.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Len Budney                 |  Premature optimization is the root of
Maya Design Group          |  all evil.
budney@maya.com            |              -- Prof. Donald Knuth
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

home help back first fref pref prev next nref lref last post