Peter Williams <[EMAIL PROTECTED]> writes:

>>> If you have the source code for the programs then they could be
>>> modified to drop the root euid after they've changed policy.  Or
>>> even do the

> Paul Davis wrote:
>> This is insufficient, since they need to be able to drop RT
>> scheduling and then reacquire it again later.

> I believe that there are mechanisms that allow this.  The setuid man
> page states that a process with non root real uid but setuid as root
> can use the seteuid call to use the _POSIX_SAVED_IDS mechanism to
> drop and regain root privileges as required.

Which every system cracker knows.  Any attack on such a program is
going to re-acquire root privileges and take over the system.

Temporarily dropping privileges gains no security whatsoever.  It is
nothing more than a coding convenience.  The program remains *inside*
the system security perimeter.
-- 
  joq
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Reply via email to