Re: strace security <feature>

Brandon S. Allbery KF8NH (allbery@kf8nh.apk.net)
Thu, 30 Dec 1999 13:18:50 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Mark Mokryn: "Re: sleep_on, wake_up question"
Previous message: Alan Cox: "Re: Sealevel 4021 raw capture"
Maybe in reply to: Richard B. Johnson: "strace security <feature>"

In message <E123gu6-000321-00@the-village.bc.nu>, Alan Cox writes:
+-----
| > Now I see the rules have been changed so that if the EUID *or* the UID
| > are 0, the system calls are allowed to function as though the UID was 0.
| > If this corresponds to later POSIX rules, the committee should consider
| > the implications without regard to maintaining reverse compatibility.
|
| Wrong (You also want SuS not Posix for this)
+--->8

It might be worth reminding people that some shells (notably bash) will
check if EUID != UID and reset the EUID to the UID on startup, unless a
particular option (-p on bash) is given. IOW, testing the above with a
setuid shell script won't work unless its startup line is "#! /bin/bash -p"
(or /bin/sh in place of /bin/bash).

-- brandon s. allbery os/2,linux,solaris,perl allbery@kf8nh.apk.net system administrator kthkrb,heimdal,gnome,rt allbery@ece.cmu.edu carnegie mellon / electrical and computer engineering kf8nh We are Linux. Resistance is an indication that you missed the point.

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Mark Mokryn: "Re: sleep_on, wake_up question"
Previous message: Alan Cox: "Re: Sealevel 4021 raw capture"
Maybe in reply to: Richard B. Johnson: "strace security <feature>"