Hi, Thanks for your reply.
On 7/31/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> > (1) Should we disable the overriding mechanism for SUID or SGID
> > processes (e.g. substituting *__secure_getenv* for *getenv*).
>
> Good question actually. I've no idea :-(
>
> In theory, the user should not be able to run a server that has more
> authority than the standard server. I'm not sure however how much stuff
> relies on the behaviour of the servers -- whether there are situations
> where a server behaving differently than the default implementation
> could cause a suid program to do something it normally wouldn't do...

I think it is dangerous anyway if an ordinary user can affect the behaviour of a privileged process through environment variables, especially because, since the overriding takes place in Glibc, the suid program may be blind to this.

Consider that a suid program relies on the information (like network configuration in the case of socket servers) returned by a default server to make some security decisions ...

Regards,
Wei Shen
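The guard proposed in point (1), as an added example that is not part of the original message and is not glibc or Hurd code: an environment lookup that refuses a user-supplied server override when the process runs SUID or SGID. The variable name `EXAMPLE_SERVER_OVERRIDE`, the paths and all function names are hypothetical, and comparing real and effective IDs is an assumption standing in for whatever check the C library really performs.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* IDs that decide whether the caller-controlled environment is trusted. */
struct creds { uid_t ruid, euid; gid_t rgid, egid; };

/* Assumption: "privileged" means real and effective IDs differ, as they
   do after exec of a SUID or SGID binary. */
static int runs_privileged(const struct creds *c)
{
    return c->ruid != c->euid || c->rgid != c->egid;
}

/* getenv() that ignores the environment for privileged processes. */
static const char *guarded_getenv(const struct creds *c, const char *name)
{
    return runs_privileged(c) ? NULL : getenv(name);
}

/* Return the server to use: the user's override if it may be honoured,
   otherwise the default. An empty override counts as unset. */
static const char *select_server(const struct creds *c, const char *var,
                                 const char *dflt)
{
    const char *override = guarded_getenv(c, var);
    return (override != NULL && override[0] != '\0') ? override : dflt;
}

int main(void)
{
    /* Hypothetical variable name and constructed paths and IDs. */
    struct creds self = { getuid(), geteuid(), getgid(), getegid() };
    struct creds suid = { 1000, 0, 1000, 1000 };   /* constructed: SUID root */
    const char *var = "EXAMPLE_SERVER_OVERRIDE";
    const char *dflt = "/example/default-server";

    setenv(var, "/example/user-server", 1);
    printf("this process: %s\n", select_server(&self, var, dflt));
    printf("suid process: %s\n", select_server(&suid, var, dflt));
    return 0;
}
```

Because the check sits inside the lookup, the calling program gets the default server even though it never inspects the environment itself.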