Clearing environment on exec of setuid process

Moderator, John Quarterman std-unix at ut-sally.UUCP
Wed Feb 12 02:20:24 AEST 1986


Date: Mon, 10 Feb 86 11:06:44 MST
From: thomas%utah-gr at UTAH-CS.ARPA (Spencer W. Thomas)
Organization: University of Utah, Salt Lake City

In article <4141 at ut-sally.UUCP> pegasus!hansen (Tony Hansen) writes:
>One slight difference is that Vr2 non-root setuid(2) sets the effective uid
>and not the real uid. Only a root setuid(2) will change the real uid as
>well; which can't then be changed back.

This seems to me to be a potential security problem.  It means that you
cannot write a program to give a certain set of people access to a
particular uid (ala su) without making it setuid root.  It would be much
safer, it seems to me, to make it setuid to the uid you want to give
access to, and let it do setuid(geteuid()).  This is necessary if, for
example, the program wants to fork a real setuid program with the new
uid.  We have a number of programs that do this.  Yet another reason to
not use SV.

[ Please, let's not start up the System V vs. 4BSD argument here.  -mod ]

-- 
=Spencer   ({ihnp4,decvax}!utah-cs!thomas, thomas at utah-cs.ARPA)

Volume-Number: Volume 5, Number 46
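
Added example, not part of the original post and not code from its author: a C helper for the case the reply describes, a program installed setuid to a non-root uid that wants its real uid to match before it runs anything else. It assumes a POSIX system with setreuid(), which the post does not mention, and become_effective_uid() is a hypothetical name.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* declares setreuid() under strict -std modes */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: make the real uid equal to the current effective
 * uid and verify the result. Returns 0 on success, -1 on any failure.
 * A caller that gets -1 should exit rather than continue. */
int become_effective_uid(void)
{
    uid_t old_ruid = getuid();
    uid_t target = geteuid();

    /* setreuid() sets real and effective uid in one call; a non-root
     * process may set its real uid to its current effective uid. */
    if (setreuid(target, target) != 0) {
        perror("setreuid");
        return -1;
    }

    /* Do not rely on the return value alone: re-read both ids. */
    if (getuid() != target || geteuid() != target) {
        fprintf(stderr, "uid change did not take: ruid=%ld euid=%ld\n",
                (long)getuid(), (long)geteuid());
        return -1;
    }

    /* If the ids differed before, switching back must now be refused.
     * Skipped for uid 0, which is always allowed to change ids. */
    if (old_ruid != target && target != 0 && setuid(old_ruid) == 0) {
        fprintf(stderr, "old real uid %ld is still reachable\n",
                (long)old_ruid);
        return -1;
    }
    return 0;
}

int main(void)
{
    printf("before: ruid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    if (become_effective_uid() != 0)
        return 1;
    printf("after:  ruid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    return 0;
}
```

Run from an ordinary account, both lines print the same ids; installed setuid to another non-root uid, the second line shows the real uid following the effective one.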


