Running random user programs as ROOT?!
John Chambers
jc at minya.UUCP
Tue Jun 25 20:55:28 AEST 1991
> I hope not. Su sets *real* and effective user ID. The
> saved-set-user-ID should be wiped out by the su program when SUing
> to the user's account. Otherwise SU is *horribly* broken.
OK, so if I wanted to write a version of su that wasn't "horribly
broken", how would I do it? I've dug around in TFM on several
occasions, trying to make sense of the saved-set-user-ID concept, to
little avail. They seem to think that they should keep it a secret
from me, because if I'm interested, I am obviously an Evil Hacker who
is trying to violate system security.
So far, I haven't seen any documented system call to set this third
uid that some Unix kernels keep. If there's no (documented) way to set
it, how can you accuse a program of being "horribly broken" if it
doesn't set it correctly?
BTW, this isn't purely hypothetical. I recently added a dumb terminal
to this (Sys/VR3) system so that when X shoots itself in the foot and
goes zombie on me, I have a back door to do something short of pushing
the reset button. But what I can do there is very limited, because
when I type "su" it just says "Sorry", without even asking me for a
password. TFM hasn't helped at all to explain why su is so
recalcitrant. I've done what any hacker would do - written my own
version of su. Now I find that, according to the above, it is horribly
broken. I'd like to know how to make it less so. How do I do that?
If it's described somewhere in TFM (that I am too stupid to find), I'd
like to know where, and how I missed it.
--
All opinions Copyright (c) 1991 by John Chambers. Inquire for licensing at:
Home: 1-617-484-6393 ...!{bu.edu,harvard.edu,ima.com,eddie.mit.edu,ora.com}!minya!jc
Work: 1-508-486-5475 {sppip7.lkg.dec.com!jc,ub40::jc}
More information about the Comp.unix.admin
mailing list