Sam Steingold wrote:
> > The general opinion, among security aware developers, already for 10
> > years, is that the amount of code which is executed with setuid root
> > permissions should be minimal.
>
> this is all nice, but this does not answer my question.
> I agree that it is not a good idea to run a large application
> setuid root

Fine.

> Please see the discussion here:
> https://sourceforge.net/forum/message.php?msg_id=5611456

The discussion is here:
  http://news.gmane.org/gmane.lisp.clisp.general/cutoff=12548
  http://article.gmane.org/gmane.lisp.clisp.general/12533
Please don't recommend URLs to https://sourceforge.net/forum/ any more -
I refuse to read discussions in an advertisement loaded environment.

In that discussion,
  - Fare says that he has some Lisp-based executables that are setuid root,
  - You insist on having an option that, given a Lisp-based executable,
    allows to get into a REP loop for that executable.
Taken together, it means that every setuid Lisp-based executable allows
every user to take control of the machine.

> All I can do is to revert setuid for a dangerous operation.

Is the REP loop above the "dangerous operation" you are talking about?
If so, the magic is

    /* This is for executables that have the setgid bit set.  */
    #if HAVE_SETREGID
      setregid (getgid (), getgid ());
    #else
      setegid (getgid ());
    #endif
    /* This is for executables that have the setuid bit set.  */
    #if HAVE_SETREUID
      setreuid (getuid (), getuid ());
    #else
      seteuid (getuid ());
    #endif

Bruno
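
Added example (not part of the message above and not CLISP code): the same group-then-user drop using setregid/setreuid, extended to check every return value and to confirm that the old effective IDs cannot be regained. The function name drop_privileges is hypothetical. The seteuid/setegid fallback in the snippet above changes only the effective ID and leaves the saved ID in place, so it is not used here.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: permanently give up setgid/setuid privileges.
   Returns 0 on success, -1 if the process may still be privileged. */
int drop_privileges(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    /* Group first: once the effective uid is no longer root, the
       process may lack permission to change its group IDs. */
    if (setregid(rgid, rgid) != 0)
        return -1;
    if (setreuid(ruid, ruid) != 0)
        return -1;

    /* Do not trust success alone; confirm the IDs are the real ones. */
    if (getegid() != rgid || geteuid() != ruid)
        return -1;

    /* A permanent drop must not be reversible. Root as the real user
       can always change IDs, so the check applies only otherwise. */
    if (ruid != 0) {
        if (old_egid != rgid && setegid(old_egid) == 0)
            return -1;
        if (old_euid != ruid && seteuid(old_euid) == 0)
            return -1;
    }
    return 0;
}

int main(void)
{
    /* Call this before entering anything like an interactive loop. */
    if (drop_privileges() != 0) {
        fprintf(stderr, "cannot drop privileges, refusing to continue\n");
        return 1;
    }
    printf("running as uid=%ld gid=%ld\n", (long)getuid(), (long)getgid());
    return 0;
}
```

A caller that gets -1 should exit rather than continue, since an unchecked failed drop leaves the process running with the elevated IDs.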