Re: code/module request: undo setuid

2008-11-18 Thread Sam Steingold
Ben Pfaff wrote:
> You might find the following paper on the topic interesting:
> http://www.usenix.org/events/sec02/full_papers/chen/chen.pdf

the code in this paper is a perfect candidate for a gnulib module.

Re: code/module request: undo setuid

2008-11-12 Thread Bruno Haible
Sam Steingold wrote:
> > If so, the magic is
> >
> > /* This is for executables that have the setgid bit set. */
> > #if HAVE_SETREGID
> > setregid (getgid (), getgid ());
> > #else
> > setegid (getgid ());
> > #endif
> > /* This is for executables that have the setuid bit set. */
> > #if HA

Re: code/module request: undo setuid

2008-11-12 Thread Ben Pfaff
Bruno Haible <[EMAIL PROTECTED]> writes:
> /* This is for executables that have the setgid bit set. */
> #if HAVE_SETREGID
> setregid (getgid (), getgid ());
> #else
> setegid (getgid ());
> #endif
> /* This is for executables that have the setuid bit set. */
> #if HAVE_SETREUID
> setreuid

Re: code/module request: undo setuid

2008-11-12 Thread Ben Pfaff
Sam Steingold <[EMAIL PROTECTED]> writes:
> All I can do is to revert setuid for a dangerous operation.
> advice?

You might find the following paper on the topic interesting:
http://www.usenix.org/events/sec02/full_papers/chen/chen.pdf

--
"...dans ce pays-ci il est bon de tuer de temps en te

Re: code/module request: undo setuid

2008-11-12 Thread Sam Steingold
Bruno Haible wrote:
Sam Steingold wrote:
Please see the discussion here: https://sourceforge.net/forum/message.php?msg_id=5611456
The discussion is here:
http://news.gmane.org/gmane.lisp.clisp.general/cutoff=12548
http://article.gmane.org/gmane.lisp.clisp.general/12533
Please don't recomm

Re: code/module request: undo setuid

2008-11-12 Thread Bruno Haible
Sam Steingold wrote:
> > The general opinion, among security aware developers, already for 10
> > years, is that the amount of code which is executed with setuid root
> > permissions should be minimal.
>
> this is all nice, but this does not answer my question.
> I agree that it is not a good

Re: code/module request: undo setuid

2008-11-10 Thread Sam Steingold
> * Bruno Haible <[EMAIL PROTECTED]> [2008-11-11 02:24:10 +0100]:
>
> Sam Steingold wrote:
>> Suppose one has an application which is installed setuid root.
>> Suppose also the application has a feature (e.g., spawn an
>> interactive user shell) which should NOT be run as root - but as an
>> unpriv

Re: code/module request: undo setuid

2008-11-10 Thread Bruno Haible
Sam Steingold wrote:
> Suppose one has an application which is installed setuid root.
> Suppose also the application has a feature (e.g., spawn an interactive user
> shell) which should NOT be run as root - but as an unprivileged user instead.
> I suppose this is a fairly common operation ...

The