[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Different roots for each process possible?

On Fri, Jan 19, 2001 at 01:34:56AM -0500, Roland McGrath wrote:
> > What about non-hurd-aware setuid/setgid programs which trust the
> > authenticity of their config file based on its location within the
> > filesystem?
> [...]
> > Am I missing something?
> Yes.  You missed where I mentioned that setuid/setgid execs (called "secure
> execs" in Hurd parlance) revert to the global root directory port.  (Some
> other ports that are ordinarily just inherited from the parent process also
> get reset to secure values by a secure exec.)

Is this done by a library (e.g. libc) or by the kernel?
In the first case it may be possible for a program to get that global root port,
too. In the second case it is secure as long as the setuid are aware of it.

One last thought.
cp /bin/sh myroot
chmod 6777 myroot/sh
chroot myroot

Now sh is a setuid/setgid program. Therefore, after the last command I'm at the
global root again - escaped from prision.

Reply to: