Re: Different roots for each process possible?

To: Roland McGrath <frob@debian.org>
Cc: "Mark H. Weaver" <mhw@netris.org>, debian-hurd@lists.debian.org
Subject: Re: Different roots for each process possible?
From: "Stefan Karrmann" <sk@mathematik.uni-ulm.de>
Date: Fri, 19 Jan 2001 11:51:20 +0100
Message-id: <[🔎] 20010119105120.21411.qmail@theseus.mathematik.uni-ulm.de>
In-reply-to: <[🔎] 200101190634.f0J6Yux00692@neuralgia.linnaean.org>; from frob@debian.org on Fri, Jan 19, 2001 at 01:34:56AM -0500
References: <[🔎] 878zo8cbyn.fsf@kosh.netris.org> <[🔎] 200101190634.f0J6Yux00692@neuralgia.linnaean.org>

On Fri, Jan 19, 2001 at 01:34:56AM -0500, Roland McGrath wrote:
> > What about non-hurd-aware setuid/setgid programs which trust the
> > authenticity of their config file based on its location within the
> > filesystem?
> [...]
> > Am I missing something?
> 
> Yes.  You missed where I mentioned that setuid/setgid execs (called "secure
> execs" in Hurd parlance) revert to the global root directory port.  (Some
> other ports that are ordinarily just inherited from the parent process also
> get reset to secure values by a secure exec.)

Is this done by a library (e.g. libc) or by the kernel?
In the first case it may be possible for a program to get that global root port,
too. In the second case it is secure as long as the setuid are aware of it.

One last thought.
cp /bin/sh myroot
chmod 6777 myroot/sh
chroot myroot
./sh

Now sh is a setuid/setgid program. Therefore, after the last command I'm at the
global root again - escaped from prision.

Reply to:

References:
- Re: Different roots for each process possible?
  - From: mhw@netris.org (Mark H. Weaver)
- Re: Different roots for each process possible?
  - From: Roland McGrath <frob@debian.org>

Prev by Date: Those CDs again
Next by Date: Re: Those CDs again
Previous by thread: Re: Different roots for each process possible?
Next by thread: Weird networking
Index(es):
- Date
- Thread