-----Original Message-----
From: Brian <[EMAIL PROTECTED]>
To: RedHat Maillist <[EMAIL PROTECTED]>
Date: Saturday, December 11, 1999 6:23 AM
Subject: Re: setuid
>On Fri, 10 Dec 1999, Steve Lee wrote:
>
>> is that the s when you do chmod +x
>
>you mean when you do +s? yes.
>
>chmod 4000 filename will add the setuid bit
>chmod +s filename will do the same.
>
>Brian
>
>
>>
>> On Fri, 10 Dec 1999, Brian wrote:
>>
>> > On Fri, 10 Dec 1999, Steve Lee wrote:
>> >
>> > >
>> > > what does it mean to run something setuid
>> >
>> > It means that when you run the program, the program changes to the uid of
>> > the owner of the program. So if you have a program and it's owned by root,
>> > and you make it setuid root and executable (chmod 4755), then anyone who
>> > runs that program, will be doing the operations of that program as if they
>> > were in fact root.
>> >
>> > Take "passwd" for example:
>> >
>> > -r-s--x--x 1 root root 22312 Sep 25 10:52 /usr/bin/passwd
>> >
>> > You know, that as user joeblow, you do not have write permission to
>> > /etc/passwd or /etc/shadow. Yet you can run the "passwd" program, and
>> > change your passwd (which writes to /etc/passwd and /etc/shadow). How is
>> > this possible? Because the program is "setuid root", meaning when it
>> > runs, it runs as if it were root. So that even though you cannot write
>> > /etc/passwd, the /usr/bin/passwd program CAN since it runs as if it were
>> > root.
>> >
>> > setuid programs can open a whole slew of security problems. Race
>> > conditions, incomplete path names, poor environment, etc, are just the tip
>> > of the iceberg. Lots of caution to anyone who decides to setuid a
>> > program.
>> >
>> > Brian
>> >
>> >
>> > >
>> > >
>> > > --
>> > > To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
>> > > as the Subject.
>> > >
>> >
>> > -----------------------------------------------------
>> > Brian Feeny (BF304) [EMAIL PROTECTED]
>> > 318-222-2638 x 109 http://www.shreve.net/~signal
>> > Network Administrator ShreveNet Inc. (ASN 11881)
>> >
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
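
An added example, not part of the original thread: a small shell audit showing how the setuid bit discussed above appears in `ls -l` output (the `s` in the owner-execute column, as in the `passwd` listing) and how to find setuid files under a directory. The file names and the helper functions `suid_flag`, `list_setuid`, `list_setuid_writable` and `make_sample` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). All file names are constructed.

# Owner-execute column of `ls -l`: "s" = setuid and executable,
# "S" = setuid without execute, "x" = executable only, "-" = neither.
suid_flag() {
    ls -ld -- "$1" | cut -c4
}

# Regular files under DIR that carry the setuid bit (octal 4000).
list_setuid() {
    find "$1" -xdev -type f -perm -4000 -print | sort
}

# Setuid files that group or others may also write to: review these first.
list_setuid_writable() {
    find "$1" -xdev -type f -perm -4000 \( -perm -0020 -o -perm -0002 \) -print | sort
}

# Build a constructed sample tree; setting the bit on your own files needs no root.
make_sample() {
    : > "$1/tool";   chmod 0755 "$1/tool"     # -rwxr-xr-x  plain executable
    : > "$1/helper"; chmod 4755 "$1/helper"   # -rwsr-xr-x  setuid, as in the thread
    : > "$1/data";   chmod 4644 "$1/data"     # -rwSr--r--  setuid bit, not executable
    : > "$1/loose";  chmod 4775 "$1/loose"    # -rwsrwxr-x  setuid and group-writable
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
for f in tool helper data loose; do
    printf '%s\t%s\n' "$(suid_flag "$demo_dir/$f")" "$f"
done
echo "setuid files:";        list_setuid "$demo_dir"
echo "setuid and writable:"; list_setuid_writable "$demo_dir"
rm -rf "$demo_dir"
```

Pointing `list_setuid` at `/usr/bin` on a real system gives the inventory of setuid programs to compare against what the distribution is expected to ship.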