Re: unowned processes and who controls them (was: Re: passwd entry for uid -1

To: nisse@lysator.liu.se (Niels Möller)
Cc: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>, Robert Bihlmeyer <robbe@orcus.priv.at>, debian-hurd@lists.debian.org
Subject: Re: unowned processes and who controls them (was: Re: passwd entry for uid -1
From: Oystein Viggen <oysteivi@tihlde.org>
Date: 07 Jun 2001 08:18:53 +0200
Message-id: <[🔎] 033d9c6cdu.fsf@colargol.tihlde.org>
In-reply-to: <[🔎] nny9r5w6ln.fsf@sture.lysator.liu.se>
References: <[🔎] 20010602214206.BF65699306@perdition.linnaean.org> <[🔎] 20010603205104.D4223@212.23.136.22> <[🔎] 87wv6s5pj4.fsf@orcus.priv.at> <[🔎] 20010604215026.D1366@212.23.136.22> <[🔎] 87y9r7knna.fsf@orcus.priv.at> <[🔎] 20010605173251.A5365@212.23.136.22> <[🔎] 03itia9axu.fsf@colargol.tihlde.org> <[🔎] 20010605183437.B5365@212.23.136.22> <[🔎] 03elsy92bg.fsf@colargol.tihlde.org> <[🔎] 20010605211922.B14341@212.23.136.22> <[🔎] nn7kypxsml.fsf@sture.lysator.liu.se> <[🔎] 03g0dd5mn5.fsf@colargol.tihlde.org> <[🔎] nny9r5w6ln.fsf@sture.lysator.liu.se>

Quoth Niels Möller: 

> But I don't see any big advantage, compared to simply running the
> process in question with userid foo, so I agree that it seems a little
> pointless.

The biggest difference is perhaps that anybody could rmauth a process on
their own and effectiively perform a local DoS on your service.  This
would also be a quite safe attack to perform on a busy server, as you'd
have problem picking out just who might have done what from any logs you
have. 

If you need to create files owned by foo, the easiest way is probably
running as foo.

Oystein
-- 
When in doubt: Flaunt.

Reply to:

References:
- Re: passwd entry for uid -1
  - From: Roland McGrath <roland@frob.com>
- Re: passwd entry for uid -1
  - From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
- Re: passwd entry for uid -1
  - From: Robert Bihlmeyer <robbe@orcus.priv.at>
- Re: passwd entry for uid -1
  - From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
- Re: passwd entry for uid -1
  - From: Robert Bihlmeyer <robbe@orcus.priv.at>
- Re: passwd entry for uid -1
  - From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
- Re: passwd entry for uid -1
  - From: Oystein Viggen <oysteivi@tihlde.org>
- unowned processes and who controls them (was: Re: passwd entry for uid -1
  - From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
- Re: unowned processes and who controls them (was: Re: passwd entry for uid -1
  - From: Oystein Viggen <oysteivi@tihlde.org>
- Re: unowned processes and who controls them (was: Re: passwd entry for uid -1
  - From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
- Re: unowned processes and who controls them (was: Re: passwd entry for uid -1
  - From: nisse@lysator.liu.se (Niels Möller)
- Re: unowned processes and who controls them (was: Re: passwd entry for uid -1
  - From: Oystein Viggen <oysteivi@tihlde.org>
- Re: unowned processes and who controls them (was: Re: passwd entry for uid -1
  - From: nisse@lysator.liu.se (Niels Möller)

Prev by Date: Re: unowned processes and who controls them (was: Re: passwd entry for uid -1
Next by Date: Re: getsockopt() hurd/glibc mismatch
Previous by thread: Re: unowned processes and who controls them (was: Re: passwd entry for uid -1
Next by thread: Re: unowned processes and who controls them (was: Re: passwd entry for uid -1
Index(es):
- Date
- Thread