Horst von Brand <vonbrand@pincoya.inf.utfsm.cl>:
>Jesse Pollard <pollard@tomcat.admin.navo.hpc.mil> said:
>> I have done counts on the total number of setuid programs (IRIX) and it was
>> under 100. Some of these programs really didn't rate being setuid anyway so
>> they lost the setuid/setgid bit, leaving only 55.
>But many programs are used in system administration in a way that relies on
>the almightyness of root, so this is not that clear cut. Lowly ls(1),
>rm(1), mv(1), ln(1), your-editor-of-choice(1) come to mind... add stuff
>like ifconfig(8), mke2fs(8), and the number is staggering.
These do NOT need special privileges. They are controled not by root, but
by ownership/access of the device in question. mke2fs works because ownership
of the device. As long as the device/user ownership match then the program
can do it's work. Such protections are already in the kernel. The biggest
catastrophes occur because rm (as root) will remove anything...
If mandatory access controls are ever put in place then access to these
devices will be controled. The user making the access will need to be
in the proper compartment/level/security posture to modify the targets.
The programs are not privileged. They just read/write/ioctl interfaces.
Privileges need to be granted only when normal user access is not possible.
ifconfig(8) would have to privleged if you wanted to grant any user the ability
to change the network state. Why is netstat setuid to root ? To gain the
ability to read statistics that are owned by root. If this is accessed via
the /proc/net where I may be able to grant user read access by file permissions
(a MUCH finer grained control than setuid) then netstat no longer needs to be
setuid.
-------------------------------------------------------------------------
Jesse I Pollard, II
Email: pollard@navo.hpc.mil
Any opinions expressed are solely my own.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Feb 29 2000 - 21:00:22 EST