Re: Different roots for each process possible?
On Fri, Jan 19, 2001 at 01:34:56AM -0500, Roland McGrath wrote:
> > What about non-hurd-aware setuid/setgid programs which trust the
> > authenticity of their config file based on its location within the
> > filesystem?
> > Am I missing something?
> Yes. You missed where I mentioned that setuid/setgid execs (called "secure
> execs" in Hurd parlance) revert to the global root directory port. (Some
> other ports that are ordinarily just inherited from the parent process also
> get reset to secure values by a secure exec.)
Is this done by a library (e.g. libc) or by the kernel?
In the first case it may be possible for a program to get that global root port,
too. In the second case it is secure as long as the setuid programs are aware of it.
One last thought.
cp /bin/sh myroot
chmod 6777 myroot/sh
Now sh is a setuid/setgid program. Therefore, after the last command I'm at the
global root again - escaped from prison.