Re: Setuid

To: joost witteveen <joost@rulcmc.leidenuniv.nl>
Cc: Debian Development mailing list <debian-devel@lists.debian.org>
Subject: Re: Setuid
From: Tom Lees <tom@lpsg.demon.co.uk>
Date: Tue, 19 Nov 1996 19:30:14 +0000 (GMT)
Message-id: <Pine.LNX.3.94.961119192726.689A-100000@debian.dd.com>
In-reply-to: <m0vPYZA-000163C@rulcmc.leidenuniv.nl>

On Mon, 18 Nov 1996, joost witteveen wrote:

> And, if I put the svga_init() call as the first thing in main(), 
> gs will _always_ say
>   Using some svgalib driver
> This looks confusing, if gs draws on my X screen.
> 
> The other option, making the wrapper setuid root, looked even less
> attractive to me: Althought the wrapper knows what device gs wants
> to use, I alreadly had one bug in my wrapper (buffer overrun), and
> I am quite glad it wasn't setuid then.

Why not use POSIX (or whatever) saved-uids. Switch straight out of root by
swapping euid and uid as soon as the program starts, then swap again just
before calling svga_init(). This puts the security risks to a minimum.

-- 
Tom Lees <tom@lpsg.demon.co.uk>
== Linux debian 2.1.10 #14 Tue Nov 19 16:31:18 GMT 1996 i486 ==

--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to:

References:
- Re: Setuid
  - From: joost@rulcmc.leidenuniv.nl (joost witteveen)

Prev by Date: Re: last date for frozen upload (was: Re: bo, rex?)
Next by Date: Re: Upcoming Debian Releases [auto-post]
Previous by thread: Re: Setuid
Next by thread: Re: Setuid
Index(es):
- Date
- Thread