Re: Proposal: restrict link(2)

Kris Karas (ktk@ktk.bidmc.harvard.edu)
Mon, 16 Dec 1996 16:51:53 -0500


Date: Mon, 16 Dec 1996 15:37:21 -0500 (EST)
From: "Richard B. Johnson" <root@analogic.com>

I think that a program that is set 4755 (priv bits)...
a user with a UID of 100 and a GID of 100, I can set my executable file:
chmod 4755 foo
with foo.c containing setuid(0) ; setgid(0); system("bash");.....
and it does NOT spawn a root shell.

Of course not. SUID and SGID stand for "set user id" and "set group
id", not "set root id" and "set root group;" they are not "privilege
bits" per se. So your foo program, when invoked (4755), will have
its userid set to be you, and the group id unaffected. Since you, as
a user, are not permitted to setuid(0), neither is your program. :-)

-- Kris
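
The behaviour described in this message, as an added example that is not part of the original post: a simplified C model of how exec applies the set-id bits and how setuid() is then checked. The struct and function names (cred, exec_cred, model_setuid) are hypothetical, the UID/GID values are constructed, and the model ignores capabilities and nosuid mounts; the root-owned case is added for contrast and goes beyond the case in the message.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Simplified model of Unix process credentials (assumption: no
 * capabilities, no nosuid mounts). Names here are hypothetical. */
struct cred { uid_t ruid, euid, suid; gid_t rgid, egid, sgid; };

/* Credentials after exec of a file with the given mode and owner. */
struct cred exec_cred(struct cred c, mode_t mode, uid_t owner, gid_t group)
{
    if (mode & S_ISUID) c.euid = owner;   /* "set user id" = the file owner's id */
    if (mode & S_ISGID) c.egid = group;   /* "set group id" = the file's group */
    c.suid = c.euid;                      /* saved ids are copied from effective */
    c.sgid = c.egid;
    return c;
}

/* Model of setuid(target): 0 on success, -1 where the kernel returns EPERM. */
int model_setuid(struct cred *c, uid_t target)
{
    if (c->euid == 0) {                   /* privileged: all three ids change */
        c->ruid = c->euid = c->suid = target;
        return 0;
    }
    if (target == c->ruid || target == c->suid) {
        c->euid = target;                 /* unprivileged: only its own ids */
        return 0;
    }
    return -1;
}

int main(void)
{
    struct cred user = {100, 100, 100, 100, 100, 100};  /* constructed: UID/GID 100 */
    struct cred a = exec_cred(user, 04755, 100, 100);   /* foo owned by the user */
    struct cred b = exec_cred(user, 04755, 0, 0);       /* same mode, owned by root */
    int ra = model_setuid(&a, 0);
    int rb = model_setuid(&b, 0);
    printf("user-owned 4755: euid=%u setuid(0)=%d\n", (unsigned)a.euid, ra);
    printf("root-owned 4755: euid=%u setuid(0)=%d\n", (unsigned)b.euid, rb);
    return 0;
}
```

The mode bits are identical in both cases; only the file's owner decides which identity the process receives, which is why auditing set-id files means checking ownership together with mode.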