http://www.geek.org.uk/phila/hawza/suid.html
The above site gives a prime example of a hacker writing a SUID
program, what a waste of talent. Check it out. Would you hire him?
----- Original Message -----
From: "Robert McMahon" <[EMAIL PROTECTED]>
To: "Sandeep Shetty" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, February 18, 2000 8:15 AM
Subject: Re: What is SUID?
There is a lot published on SUID. You could start with CERT. A good explanation of SUID (Set-UID) is in the "Practical Unix & Internet Security" book by O'Reilly & Associates. Basically it permits SUID programs to assume another UID when executed (runs with privileges of its owner). The "/bin/passwd" program is an example of such a program.
The problem with SUID programs, especially those owned by root, is that they must be written extremely well. If the SUID program breaks because of an unexpected condition, and it is running as root, security problems arise (e.g., cracker becomes root!).
Bob
Sandeep Shetty wrote:
> Hi all,
> I just wanted to know what SUID stands for and why it is used?
>
> With lots of luv,
> Sandeep Shetty
>
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
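As an added example that is not part of the original thread: a short Python audit that lists set-UID executables under a directory and marks the root-owned ones, the case Bob's reply singles out. The function names `classify` and `audit` and the `/usr/bin` starting path are assumptions chosen for illustration.

```python
import os
import stat

# Hypothetical helper names; this is illustration code, not from the thread.

def classify(mode, uid):
    """Return findings for one file, given st_mode and st_uid from lstat()."""
    findings = []
    # The set-UID bit changes the effective UID only for regular files.
    if not stat.S_ISREG(mode) or not mode & stat.S_ISUID:
        return findings
    # Without any execute bit the file cannot be run, so the bit is inert.
    if not mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        return findings
    # Owner root means the process runs with root's effective UID.
    findings.append("suid-root" if uid == 0 else "suid")
    # Group/other write permission on such a binary is worth reviewing.
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable-by-non-owner")
    return findings


def audit(root):
    """Walk `root` and return a sorted list of (path, findings) pairs."""
    results = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: report the link, not its target
            except OSError:
                continue  # unreadable or vanished entry, skip it
            findings = classify(st.st_mode, st.st_uid)
            if findings:
                results.append((path, findings))
    return sorted(results)


if __name__ == "__main__":
    # /usr/bin is an assumed starting point; passwd usually appears here.
    for path, findings in audit("/usr/bin"):
        print(f"{path}: {', '.join(findings)}")
```

Each `suid-root` entry is a program that runs with root's privileges no matter who starts it, so the inventory is the list of code that has to meet the "written extremely well" bar.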