
Re: suid binaries should not be writable by owner



On Feb 07, Nicolás Lichtmaier wrote:
> > > Argh, egg on face: Linux lets the owner of a file modify it even if it
> > > is mode 444 and in a directory they do not own. Yuck! Is this standard
> > > Unix semantics? It sucks.
> > Even worse: IIRC the owner of a file can chmod it to his or her
> > heart's content, and this is standard Unix semantics.  It could be
> > mode 000 for all Linux cares.
> 
>  A better design would have been for the file to have a second UID/GID.
> 
>  So, a file could be owned by root, but setuid man.

If you can somehow map capabilities (like the ability to listen on a
low port) to groups in a fine-grained enough way, the setgid mechanism
would work fine for this.  Of course, by then you're going far enough
beyond portability that it's probably just better to implement ACLs or
something.

Then again, if the software can run as a non-root user and be suid to
that user, I can't think of any good reason why it couldn't just be
sgid to some group without any users in it instead.  Maybe I'm not
thinking hard enough though :)


Chris
-- 
Chris Lawrence <cnlawren@olemiss.edu> -  http://www.lordsutch.com/chris/

Computer Systems Manager (Physics & Astronomy, 125 Lewis, 662-915-5765)
Instructor, POL 101      (Political Science, 208 Deupree, 662-915-5949)
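
The point made in this thread, that a file's owner can always chmod write permission back and so ownership rather than mode bits decides who can replace a set-uid binary, shown as an added shell example that is not part of the original message. The function names `list_untrusted_suid` and `owner_can_rewrite` are hypothetical helpers, and the default trusted uid of 0 is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): audit set-uid files by OWNER, not mode.
# Mode bits are deliberately ignored: the owner may chmod the file at will,
# so a set-uid binary is only as trustworthy as the account that owns it.

# list_untrusted_suid DIR [TRUSTED_UID]
# Prints an "ls -ldn" line for every set-uid regular file under DIR whose
# owner is not TRUSTED_UID (assumed default: 0, i.e. root).
list_untrusted_suid() {
    lus_dir=$1
    lus_trusted=${2:-0}
    find "$lus_dir" -xdev -type f -perm -4000 ! -uid "$lus_trusted" \
        -exec ls -ldn {} +
}

# owner_can_rewrite FILE
# Demonstrates the semantics on a file the caller owns: even at mode 000
# the owner can restore write permission and change the contents.
# Returns 0 if the modification succeeded.
owner_can_rewrite() {
    ocr_file=$1
    chmod 000 "$ocr_file" || return 1     # no permission bits at all
    chmod u+rw "$ocr_file" || return 1    # allowed: caller owns the file
    printf 'modified by owner\n' >> "$ocr_file"
}

# When a directory is given on the command line, audit it.
if [ "$#" -gt 0 ]; then
    list_untrusted_suid "$@"
fi
```

Any file this reports is a candidate for the alternative suggested above: owned by root and set-gid to a group with no members, instead of set-uid to the account that also owns it.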


