switching between groups
I was just wondering if anyone has any ideas how it's possible for a user that belongs to multiple groups to somehow limit his or her own capabilities by using only one of the n groups that they belong to and be able to switch between these groups? For example, if userA belongs to groupA, groupB and groupC, can userA enter a mode that would force it to only belong to groupA (or groupB, or groupC)? UserA would be able to switch between these groups and back to normal (i.e. belong to all groups).

Any help would be appreciated.

Adil

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: switching between groups
Unfortunately, newgrp(1) would not work, because it calls setgroups, which for some weird reason needs the caller to be a superuser. Isn't there a function that sets the groups (like setgroups) of the current process where you don't have to be a superuser? To maintain security, that function could just check that the groups being set by setgroups are a subset of the caller's set. Does a function like that already exist? If not, how come?

Thanks,
Adil

-Original Message-
From: Bruce M Simpson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 06, 2004 1:12 PM
To: Adil Katchi
Cc: '[EMAIL PROTECTED]'
Subject: Re: switching between groups

On Tue, Jan 06, 2004 at 11:14:06AM -0500, Adil Katchi wrote:
> I was just wondering if anyone has any ideas how it's possible for a user that belongs to multiple groups to somehow limit his or her own capabilities by using only one of the n groups that they belong to and be able to switch between these groups?
> For example, if userA belongs to groupA, groupB and groupC, can userA enter a mode that would force it to only belong to groupA (or groupB, or groupC)? UserA would be able to switch between these groups and back to normal (i.e. belong to all groups).

newgrp(1) could be hacked to do this fairly easily. Currently it preserves supplemental group memberships. An option to discard supplementals could be added.

Or just call setgroups() with a no-op group-list vector and then setgid()/setegid() from within your application.

BMS
RE: switching between groups
On Wed, 7 Jan 2004, Adil Katchi wrote:

> Unfortunately, newgrp(1) would not work, because it calls setgroups, which for some weird reason needs the caller to be a superuser. Isn't there a function that sets the groups (like setgroups) of the current process where you don't have to be a superuser? To maintain security, that function could just check that the groups being set by setgroups are a subset of the caller's set. Does a function like that already exist? If not, how come?

Groups are sometimes used for negative access control rights: i.e., permissions are set on a file so that users who should not be able to read the file are in a group, and the group rights are less than the 'other' rights. If users can drop arbitrary groups, they can leave the group excluding the rights. This problem is more or less pronounced with ACLs, depending on who you speak to: using negative rights is often a workaround for not having ACLs, but with ACLs, you can add more than one group to a file, and don't have to be a member of the group to add it...

It does strike me that newgrp(1) seems less than useful without the setuid bit...

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
[EMAIL PROTECTED]      Senior Research Scientist, McAfee Research

> Thanks,
> Adil
>
> -Original Message-
> From: Bruce M Simpson [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, January 06, 2004 1:12 PM
> To: Adil Katchi
> Cc: '[EMAIL PROTECTED]'
> Subject: Re: switching between groups
>
> On Tue, Jan 06, 2004 at 11:14:06AM -0500, Adil Katchi wrote:
> > I was just wondering if anyone has any ideas how it's possible for a user that belongs to multiple groups to somehow limit his or her own capabilities by using only one of the n groups that they belong to and be able to switch between these groups?
> > For example, if userA belongs to groupA, groupB and groupC, can userA enter a mode that would force it to only belong to groupA (or groupB, or groupC)? UserA would be able to switch between these groups and back to normal (i.e. belong to all groups).
>
> newgrp(1) could be hacked to do this fairly easily. Currently it preserves supplemental group memberships. An option to discard supplementals could be added.
>
> Or just call setgroups() with a no-op group-list vector and then setgid()/setegid() from within your application.
>
> BMS
Re: switching between groups
On Tue, Jan 06, 2004 at 11:14:06AM -0500, Adil Katchi wrote:
> I was just wondering if anyone has any ideas how it's possible for a user that belongs to multiple groups to somehow limit his or her own capabilities by using only one of the n groups that they belong to and be able to switch between these groups?
> For example, if userA belongs to groupA, groupB and groupC, can userA enter a mode that would force it to only belong to groupA (or groupB, or groupC)? UserA would be able to switch between these groups and back to normal (i.e. belong to all groups).

newgrp(1) could be hacked to do this fairly easily. Currently it preserves supplemental group memberships. An option to discard supplementals could be added.

Or just call setgroups() with a no-op group-list vector and then setgid()/setegid() from within your application.

BMS
Re: switching between groups
* Bruce M Simpson [EMAIL PROTECTED] [2004-01-06 18:11 +]:
> On Tue, Jan 06, 2004 at 11:14:06AM -0500, Adil Katchi wrote:
> > I was just wondering if anyone has any ideas how it's possible for a user that belongs to multiple groups to somehow limit his or her own capabilities by using only one of the n groups that they belong to and be able to switch between these groups?
> > For example, if userA belongs to groupA, groupB and groupC, can userA enter a mode that would force it to only belong to groupA (or groupB, or groupC)? UserA would be able to switch between these groups and back to normal (i.e. belong to all groups).
>
> newgrp(1) could be hacked to do this fairly easily. Currently it preserves supplemental group memberships. An option to discard supplementals could be added.

But you shouldn't forget, you can deny access to a specific group now. This won't work any longer, when users can leave groups at will.

Nicolas
Re: switching between groups
* Adil Katchi [EMAIL PROTECTED] [2004-01-06 17:01 -0500]:
> I don't follow, what do you mean?

A file with mode rw----r-- owned by root:group1 could be read by anyone who is not in group1.

Nicolas

Confusing quote:

> -Original Message-
> From: Nicolas Rachinsky [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, January 06, 2004 4:44 PM
> To: '[EMAIL PROTECTED]'
> Cc: Adil Katchi
> Subject: Re: switching between groups
>
> * Bruce M Simpson [EMAIL PROTECTED] [2004-01-06 18:11 +]:
> > On Tue, Jan 06, 2004 at 11:14:06AM -0500, Adil Katchi wrote:
> > > I was just wondering if anyone has any ideas how it's possible for a user that belongs to multiple groups to somehow limit his or her own capabilities by using only one of the n groups that they belong to and be able to switch between these groups?
> > > For example, if userA belongs to groupA, groupB and groupC, can userA enter a mode that would force it to only belong to groupA (or groupB, or groupC)? UserA would be able to switch between these groups and back to normal (i.e. belong to all groups).
> >
> > newgrp(1) could be hacked to do this fairly easily. Currently it preserves supplemental group memberships. An option to discard supplementals could be added.
>
> But you shouldn't forget, you can deny access to a specific group now. This won't work any longer, when users can leave groups at will.
>
> Nicolas
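The negative-rights point made by Robert Watson and Nicolas above, worked through as an added C example (not code from the thread or from FreeBSD): it models the standard Unix owner/group/other check and the file Nicolas describes (mode 0604, owned by root:group1), and shows that the read decision for a group1 member flips as soon as group1 is absent from the supplementary list, which is the reason the kernel keeps setgroups() privileged rather than letting a process shrink its own list. All user and group ids are constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Constructed model of a process credential: effective uid/gid plus the
 * supplementary group list that setgroups(2) replaces. */
struct cred { uid_t uid; gid_t gid; const gid_t *groups; size_t ngroups; };
/* Constructed model of a file's owner, group and permission bits. */
struct fileperm { uid_t owner; gid_t group; mode_t mode; };

static bool in_group(const struct cred *c, gid_t g)
{
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == g)
            return true;
    return c->gid == g;
}

/* Standard Unix DAC rule: the first class that matches (owner, then group,
 * then other) decides; there is no fall-through to a more permissive class. */
bool may_read(const struct cred *c, const struct fileperm *f)
{
    if (c->uid == f->owner)
        return (f->mode & S_IRUSR) != 0;
    if (in_group(c, f->group))
        return (f->mode & S_IRGRP) != 0;
    return (f->mode & S_IROTH) != 0;
}

/* Hypothetical ids; the file is root:group1, mode rw----r-- (0604). */
enum { ROOT = 0, USERA = 1000, GROUP1 = 1001, GROUP2 = 1002 };

/* userA's credential with group1 either kept in or removed from the
 * supplementary list, which is what an unprivileged setgroups() would allow. */
bool usera_may_read(bool group1_in_list)
{
    static const gid_t all[] = { GROUP1, GROUP2 }, without[] = { GROUP2 };
    struct cred c = { USERA, GROUP2, group1_in_list ? all : without,
                      group1_in_list ? 2u : 1u };
    struct fileperm f = { ROOT, GROUP1, S_IRUSR | S_IWUSR | S_IROTH };
    return may_read(&c, &f);
}

int main(void)
{
    printf("group1 kept:    %s\n", usera_may_read(true) ? "allowed" : "denied");
    printf("group1 dropped: %s\n", usera_may_read(false) ? "allowed" : "denied");
    return 0;
}
```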