Correct
> Previously a privileged program would have to specifically set its UID
> and GID to obtain privilege. In other words, EUID was only checked on
Wrong. It checks euid always (e= effective)
> setuid()/setgid() calls. The call would fail if the EUID was not 0.
Wrong
> All other system calls would check UID/GID only and fail without
> privilege.
Wrong (they check euid - actually in Linux capabilities but thats the same
effect)
> Now I see the rules have been changed so that if the EUID *or* the UID
> are 0, the system calls are allowed to function as though the UID was 0.
> If this corresponds to later POSIX rules, the committee should consider
> the implications without regard to maintaining reverse compatibility.
Wrong (You also want SuS not Posix for this)
> Also, I think I have read (recently) that, for a program to function
> suid-root, it must be owned by root and exist in a root-owned directory.
Only if you are also running with Solar_Diz TPE patches.
Alan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/