Re: Proposal of new group
According to Tomasz Węgrzanowski:
> > Note that 'shutdown' was NOT designed to be run setuid - for all
> > I know it's full of grave security holes if you do. You then not
> > only gave the people in the group 'power' permission to shut down
> > the machine, you just granted them root access as well ...
>  
> I see some possibilities to make a mess with suid shutdown but not
> much more mess than with turning power off by button
> but if you know any exploits of suid shutdown of which I don't know
> please tell me (I've found nothing in manpages)

Well, it would be a bit weird if root exploits were described in manpages,
wouldn't it ;)

But the source might contain a buffer overflow exploit, or another
exploit. Yes, I wrote the code myself, and there is even a comment
in the code about running setuid in a special group. But in my experience
_every_ setuid program has at least one hole, no matter how careful
you are. Avoiding setuid programs (esp. setuid root) is important.

If you still consider doing this, at least 2 different experienced
people should audit the program you want to make setuid (shutdown)
to see if there are no security problems involved.

Mike.
-- 
First things first, but not necessarily in that order.
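A defender's check for the point made above, added here as an example and not part of the original thread: a small POSIX shell audit that reports whether a given binary carries the setuid/setgid bits (the configuration the reply warns against) and lists the setuid-root files an auditor would need to review. The path `/sbin/shutdown` in the comment is an assumption about the local system.

```shell
#!/bin/sh
# Report the permission bits that matter for the "setuid shutdown" question.
# Prints: "<path> owner=<user> setuid=<0|1> setgid=<0|1>"
# Returns 0 if the file is setuid (the risky case), 1 if not, 2 if missing.
setuid_report() {
    f=$1
    [ -e "$f" ] || { echo "$f: no such file" >&2; return 2; }
    owner=$(ls -ld "$f" | awk '{print $3}')   # portable owner lookup
    su=0; sg=0
    [ -u "$f" ] && su=1                        # POSIX test: set-user-ID bit
    [ -g "$f" ] && sg=1                        # POSIX test: set-group-ID bit
    printf '%s owner=%s setuid=%d setgid=%d\n' "$f" "$owner" "$su" "$sg"
    [ "$su" -eq 1 ]
}

# List every setuid-root regular file below the given directories: the set
# that the reply says should be audited by experienced people before use.
list_setuid_root() {
    find "$@" -xdev -type f -user root -perm -4000 2>/dev/null
}

# Example usage on a live system (assumed path, adjust for your install):
#   setuid_report /sbin/shutdown && echo "shutdown is setuid: audit it"
#   list_setuid_root /bin /sbin /usr/bin /usr/sbin
```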
