httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <br...@organic.com>
Subject Re: setuid control WITHOUT running as root
Date Mon, 03 Jun 1996 04:18:52 GMT
On Sun, 2 Jun 1996, Robert S. Thau wrote:
> If by "that kind of security hole", you mean giveaway chowns, then it's
> not a security hole at all.  It's a feature that has no severe security
> implications (because the giveaway chown turns off the suid bit), *unless*
> something else (like a wrapper) comes along and treats file ownership in
> that environment for more than it's worth.  (The worst thing it ordinarily
> does is allow users to evade disk quotas, so it isn't a useful option on
> systems that have quotas, but everyone knows that going in).
> 
> The *combination* of giveaway chowns and something like the current
> sucgi-wrapper *is* pretty dangerous --- but my personal expectation is
> that if we were to release such code, and CERT were to get a report of
> nasty exploits, they'd come after us, and not the OS vendor.

I agree with this - suddenly making an OS feature which was safe before 
an unsafe operation is a bad thing.  

	Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com  |  We're hiring!  http://www.organic.com/Home/Info/Jobs/


Mime
View raw message