Jack O'Quin wrote:
Peter Williams <[EMAIL PROTECTED]> writes:


If you have the source code for the programs then they could be
modified to drop the root euid after they've changed policy.  Or
even do the


Paul Davis wrote:

This is insufficient, since they need to be able to drop RT
scheduling and then reacquire it again later.


I believe that there are mechanisms that allow this.  The setuid man
page states that a process with non root real uid but setuid as root
can use the seteuid call to use the _POSIX_SAVED_IDS mechanism to
drop and regain root privileges as required.


Which every system cracker knows.  Any attack on such a program is
going to re-acquire root privileges and take over the system.

Temporarily dropping privileges gains no security whatsoever.  It is
nothing more than a coding convenience.

Yes, to help avoid accidentally misusing the privileges.

The program remains *inside*
the system security perimeter.

Which is why you have to be careful in writing setuid programs.

Peter
--
Peter Williams                                   [EMAIL PROTECTED]

"Learning, n. The kind of ignorance distinguishing the studious."
 -- Ambrose Bierce
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
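
Added example, not part of the original thread or any poster's code: a C sketch of the distinction argued above, where seteuid() leaves the saved set-user-ID at 0 so root can be reacquired, while setresuid() overwrites all three ids and is then checked by trying to get root back. It assumes Linux with glibc and a binary installed setuid-root and started by an ordinary user; the function and enum names are hypothetical, and group ids and capabilities are not handled.

```c
#define _GNU_SOURCE /* getresuid()/setresuid() on glibc */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
/* Declared explicitly in case an earlier include fixed the feature macros. */
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);
int setresuid(uid_t ruid, uid_t euid, uid_t suid);

enum drop_state { STILL_ROOT, DROP_REVERSIBLE, DROP_PERMANENT };

/* Classify a (real, effective, saved) uid triple. */
enum drop_state classify_ids(uid_t ruid, uid_t euid, uid_t suid)
{
    if (euid == 0)
        return STILL_ROOT;
    /* An unprivileged seteuid(0) succeeds if the real or saved uid is 0. */
    if (ruid == 0 || suid == 0)
        return DROP_REVERSIBLE;
    return DROP_PERMANENT;
}

/* Classify the calling process; report STILL_ROOT if the ids are unreadable. */
enum drop_state current_state(void)
{
    uid_t r, e, s;
    if (getresuid(&r, &e, &s) != 0)
        return STILL_ROOT;
    return classify_ids(r, e, s);
}

/* Permanent drop: overwrite all three ids, then prove root is gone. */
int drop_permanently(uid_t uid)
{
    if (setresuid(uid, uid, uid) != 0)
        return -1;
    if (uid != 0 && seteuid(0) == 0)
        return -1; /* root came back: the drop did not take */
    return current_state() == DROP_PERMANENT ? 0 : -1;
}

int main(void)
{
    static const char *name[] = { "still root", "reversible", "permanent" };
    uid_t user = getuid();
    if (seteuid(user) != 0) return 1;   /* temporary drop: saved uid untouched */
    printf("after seteuid(%d):    %s\n", (int)user, name[current_state()]);
    if (drop_permanently(user) != 0) return 1;
    printf("after setresuid(...): %s\n", name[current_state()]);
    return 0;
}
```

Run as real root (real uid 0), main() exits with status 1 because there is no unprivileged uid to drop to.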