Re: how to identify the superuser in C

To: debian-security@lists.debian.org
Subject: Re: how to identify the superuser in C
From: Matt Zimmerman <mdz@debian.org>
Date: Wed, 11 Dec 2002 20:24:43 -0500
Message-id: <20021212012443.GA22798@mizar.alcor.net>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <20021212.083827.71103658.oohara@grain>
References: <20021211.110711.74739803.oohara@grain> <20021211191315.GF16409@mizar.alcor.net> <20021212.083827.71103658.oohara@grain>

On Thu, Dec 12, 2002 at 08:38:27AM +0900, Oohara Yuuma wrote:

> On Wed, 11 Dec 2002 14:13:15 -0500,
> Matt Zimmerman <mdz@debian.org> wrote:
> > On Wed, Dec 11, 2002 at 11:07:11AM +0900, Oohara Yuuma wrote:
> > > The problem is that there is fakeroot. getuid() == 0 or
> > > geteuid() == 0 is not enough.  PAM is an overkill.
> > > I think seteuid(0) == 0 is the best approach.
> > fakeroot (or any other dynamic linker tricks) will not work on set[ug]id
> > programs.  libc can be trusted here.
> Is this Linux specific?  (There can be a Hurd port in the sarge release).

Any system which would allow system calls to be spoofed in privileged
programs this way would have a gaping security hole.  Your program would be
the least of its worries.

-- 
 - mdz

Reply to:

References:
- how to identify the superuser in C
  - From: Oohara Yuuma <oohara@libra.interq.or.jp>
- Re: how to identify the superuser in C
  - From: Matt Zimmerman <mdz@debian.org>
- Re: how to identify the superuser in C
  - From: Oohara Yuuma <oohara@libra.interq.or.jp>

Prev by Date: Re: how to identify the superuser in C
Next by Date: Re: init.d startup sequence for shorewall
Previous by thread: Re: how to identify the superuser in C
Next by thread: Re: how to identify the superuser in C
Index(es):
- Date
- Thread