-x implementations

Lars Henrik Mathiesen thorinn at diku.dk
Tue Feb 5 00:58:42 AEST 1991


jim at segue.segue.com (Jim Balter) writes:
>In article <8920 at star.cs.vu.nl> maart at cs.vu.nl (Maarten Litmaath) writes:
>>)2) It only matters if the program calling access has S_ISUID or S_ISGID set.
>>
>>Not true.

>Is this proof by assertion?  Tell me how it's not true.

It simply isn't. (Reason below.)

>>What if the program (e.g. the shell) that _calls_ `test', is setuid?
>>(I.e. its effective uid differs from its real uid.)

>The shell shouldn't be set-uid if you have any concern for security, but even
>if it were, exec pays no attention to the set-uid bit of the caller.

But exec (and fork) don't care about the real uid either, so it is
just inherited. If a shell has different real and effective uids, any
process run by that shell will too (unless it happens to be setuid to
the real uid). And the shell in its turn could have been started by a
setuid program that has a reason for being so.

--
Lars Mathiesen, DIKU, U of Copenhagen, Denmark      [uunet!]mcsun!diku!thorinn
Institute of Datalogy -- we're scientists, not engineers.      thorinn at diku.dk
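
Added example, not part of the original post: a small C check of the point above, that fork passes on both the real and the effective uid unchanged, together with a comparison of access() (which answers for the real ids) against an effective-id check. The function names and the /bin/sh sample path are assumptions made for illustration, and faccessat() with AT_EACCESS is a later POSIX interface that the thread does not mention.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* 1 if real and effective ids differ, i.e. access() answers for a
   different identity than the one exec/open will actually use. */
int ids_differ(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Fork a child and let it compare its own ids with the parent's.
   Returns 1 if both real and effective uid were inherited unchanged,
   0 if not, -1 on error. */
int child_inherits_ids(void)
{
    uid_t ruid = getuid(), euid = geteuid();
    pid_t pid = fork();
    int status;

    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(getuid() == ruid && geteuid() == euid ? 0 : 1);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 0;
}

/* Compare access() (real ids) with faccessat(AT_EACCESS) (effective ids)
   for execute permission. Returns 1 if both give the same answer. */
int access_matches_effective(const char *path)
{
    int by_real = access(path, X_OK) == 0;
    int by_eff = faccessat(AT_FDCWD, path, X_OK, AT_EACCESS) == 0;
    return by_real == by_eff;
}

int main(void)
{
    printf("ruid=%ld euid=%ld differ=%d inherited=%d agree(/bin/sh)=%d\n",
           (long)getuid(), (long)geteuid(), ids_differ(),
           child_inherits_ids(), access_matches_effective("/bin/sh"));
    return 0;
}
```

The two checks in access_matches_effective() can only disagree when ids_differ() returns 1, which is the situation of a process started from a shell whose real and effective uids differ.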



More information about the Comp.unix.programmer mailing list