Re: Setuid
On Wed, 20 Nov 1996, joost witteveen wrote:
> > Why not use POSIX (or whatever) saved-uids. Switch straight out of root by
> > swapping euid and uid as soon as the program starts, then swap again just
> > before calling svga_init(). This puts the security risks to a minimum.
>
> Seems interesting. I haven't very much experience with this, and I just
> experimented with it, I think I get what you mean, but I'm not sure
> I'm doing it right. Could you check if this below is actually what you
> intended (and is OK?)
>
> int main(){
> setreuid(0,getuid());
^
According to the info file for libc, there are two ways of doing it. You
can either use the saved-uid feature (which Linux does support, so it's
best to go for this), or you can swap uid and euid. Try something like:-
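#include <unistd.h>   /* seteuid(), getuid() */

int main()
{
    seteuid (getuid ());   /* drop root: euid = real uid, saved uid stays 0 */
    /* ... */
    seteuid (0);           /* regain root from the saved uid */
    svga_init();
    /* svga_init has now reset our euid to our uid */
    /* unprivileged again... */
}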
> Also, what would you think -- should I, if I make these changes, make
> setuid default? Cos if I get it right, then, when there is some buffer
Yes. Root euid is only used here to call one function, and is immediately
got rid of by svga_init - the function to get the ioport privileges. Then
the only security hazard is if someone manages to spoof svgalib (i.e.
LD_PRELOAD=...). I think the only way to stop this is possibly to
statically link svgalib (or there might be a setting for LD, but I don't
know).
--
Tom Lees <tom@lpsg.demon.co.uk>
== Linux debian 2.1.10 #14 Tue Nov 19 16:31:18 GMT 1996 i486 ==
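
Added example, not part of the original message: the drop/regain pattern discussed above with every return value checked, followed by a permanent drop that is verified. The names `priv_drop_temp`, `priv_call`, `priv_drop_perm` and `demo_init` are hypothetical, `demo_init` stands in for the svgalib initialisation call, and the binary is assumed to be installed setuid root.

```c
#include <sys/types.h>
#include <unistd.h>

static uid_t priv_uid;  /* euid at startup: 0 when installed setuid root */

/* Call first thing in main(): euid becomes the real uid, while the
 * saved set-user-ID keeps priv_uid so it can be restored later. */
int priv_drop_temp(void)
{
    priv_uid = geteuid();
    if (seteuid(getuid()) != 0)
        return -1;
    return geteuid() == getuid() ? 0 : -1;
}

/* Raise euid only around the one call that needs it. `fn` is a
 * hypothetical callback standing in for the privileged initialisation. */
int priv_call(int (*fn)(void))
{
    int rc;
    if (seteuid(priv_uid) != 0)
        return -1;
    rc = fn();
    if (seteuid(getuid()) != 0)   /* lower again even if fn() failed */
        return -1;
    return rc;
}

/* Give up the privilege for good. setuid() clears the real, effective and
 * saved IDs only when euid is 0, so regain first, then drop, then verify. */
int priv_drop_perm(void)
{
    uid_t ruid = getuid();
    if (seteuid(priv_uid) != 0 || setuid(ruid) != 0)
        return -1;
    if (ruid != priv_uid && seteuid(priv_uid) == 0)
        return -1;                /* privilege could be regained: fatal */
    return (getuid() == ruid && geteuid() == ruid) ? 0 : -1;
}

/* Constructed stand-in: succeeds only if called with the privileged euid. */
static int demo_init(void) { return geteuid() == priv_uid ? 0 : -1; }

int main(void)
{
    return (priv_drop_temp() || priv_call(demo_init) || priv_drop_perm()) ? 1 : 0;
}
```

Run without the setuid bit, all three IDs are already equal and every step succeeds trivially; the verification in `priv_drop_perm` only has an effect when the real and startup effective uids differ.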