There is a lot published on SUID. You could start with CERT. A good
explanation of SUID (Set-UID) is in the "Practical Unix & Internet
Security" book by O'Reilly & Associates. Basically it permits SUID programs
to assume another UID when executed (runs with privileges of its owner).
The "/bin/passwd" program is an example of such a program.

The problem with SUID programs, especially those owned by root, is that
they must be written extremely well. If the SUID program breaks because of
an unexpected condition, and it is running as root, security problems arise
(e.g., cracker becomes root!).

Bob

Sandeep Shetty wrote:

> Hi all,
>        I just wanted to know what SUID stands for and why it is used?
>
>                                                 With lots of luv,
>                                                 Sandeep Shetty
>
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
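
Added example (not part of the original messages): a small Python audit that inventories SUID files under a directory and flags any that group or other can write to, since root-owned SUID programs are the ones that need the closest review. The names find_suid and demo and the sample file names are assumptions made for this illustration.

```python
import os
import stat
import tempfile


def find_suid(root):
    """Return (path, owner_uid, loose) for each SUID regular file under root."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue  # entry vanished or is unreadable
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_mode & stat.S_ISUID:
                # Group/other write on a SUID file lets non-owners replace its code.
                loose = bool(st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))
                hits.append((path, st.st_uid, loose))
    return sorted(hits)


def demo():
    """Build a constructed sample tree in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        modes = {"plain": 0o755, "suid_tight": 0o4755, "suid_loose": 0o4777}
        for name, mode in modes.items():
            path = os.path.join(tmp, name)
            with open(path, "w") as fh:
                fh.write("#!/bin/sh\n")
            os.chmod(path, mode)  # set the mode after writing the content
        return [(os.path.basename(p), loose) for p, _uid, loose in find_suid(tmp)]


if __name__ == "__main__":
    for name, loose in demo():
        print(name, "writable by group/other" if loose else "ok")
    # On a real host: find_suid("/usr/bin"), then review entries whose owner_uid is 0.
```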
