Re: Exim permissions

To: debian-user@lists.debian.org
Subject: Re: Exim permissions
From: Shyamal Prasad <shyamal.prasad@sbcglobal.net>
Date: 01 Dec 2002 15:52:35 -0600
Message-id: <[🔎] 87lm3976fw.fsf@rattler.some-dsl-address.sbcglobal.net>
In-reply-to: <20021201003505.A16898@pigeon>
References: <8765ue8z2d.fsf@rattler.some-dsl-address.sbcglobal.net> <20021201003505.A16898@pigeon>

    "Pigeon" == jah pigeon <Pigeon> writes:

    >> Better still, use sudo and you will not have to do any C
    >> programming :-)

    Pigeon> Even for your set real u/gid trick? - given that there's
    Pigeon> no setgid(1), and setuid(1) doesn't let you set the gid as
    Pigeon> well? And it can manage that without being a security
    Pigeon> hole? That's pretty neat.

Yes, sudo should work. That is because sudo actually runs the program
as root, not with the effective user id of root.

You might find it instructive to modify your little C program to run
"/usr/bin/id" instead of exim and see what it prints out with
different combinations of setuid/setgid file permissons and sudo.

You did mean setuid(2) up there, right? There is a setgid(2) call. I
have not heard that sudo is inherently insecure in any specific way
(but I'm not a long time sudo user).

Cheers!
Shyamal

Reply to:

Prev by Date: Re: block webistes
Next by Date: The IP MASQ MTU problem
Previous by thread: Re: Exim permissions
Next by thread: Re: Exim permissions
Index(es):
- Date
- Thread