[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: allowing a "normal" user to work efficiently

On Tue, Oct 21, 2003 at 11:34:52AM -0400, Roberto Sanchez wrote:
> If the machine is isolated behind a firewall, then you probably have
> nothing to worry about.  I think the concern is that cdrecord lets you
> remotely access the burning device, which could be trouble on a file
> server as you point out.

The fear with suid programs is that you might be able to get root access
through a clever hack. Programs have to be very well designed to give up
root priviliges or else this is trivial.

For example imagine you make "cat" suid...

Then someone can do:
cat /bin/rm /bin/cat
cat -rf /

Of course the idea with actual suid programs is that they are designed
so as not to allow this kind of thing, but still software isn't always
perfect (bug, etc.).

Bijan Soleymani <bijan@psq.com>

Attachment: signature.asc
Description: Digital signature

Reply to: