
Re: A question on setting setuid bit



Hi,

This is an experimental package that we built and
evaluate internally (up to this moment).  The program
that needs setuid is a cgi-bin program that is invoked
by apache2, which runs as a regular user www-data.  The
cgi-bin program however needs to interact with
iptables.

I know setuid programs are risky but I haven't got the
time to address the security risk yet (one thing at a
time ... :-)

Thanks for the alert.

Clement

On Fri, 7 Jul 2006, Ian Jackson wrote:

> LEE, Yui-wah (Clement) writes ("A question on setting setuid bit"):
> > I am building a package in which one of the binaries has
> > to have the setuid and setgid bits set.  I wonder which
> > one of the following two is the more appropriate method
> > to use?
>
> Forgive my scepticism, but which package, and why ?  set-id bits
> should not be set lightly and they should only be used after careful
> consideration by experts.
>
> Ian.
>


