gabriel rosenkoetter on Sat, 2 Jun 2001 16:50:05 -0400



Re: [PLUG] permissions and setuid


On Sat, Jun 02, 2001 at 03:59:37PM -0400, timo wrote:
> Would be appreciated.  I like to see it.

Hey, I really will toss some sample code your way, but I have a
self-imposed Monday morning deadline to meet on one of my own
projects.

If I can, I'll take a quick break during the day tomorrow and see if
I can sketch some code and notes to help with this. I swear it's
really not hard; one does have to keep a number of things in mind
and account for them, especially as regards bounds checking and only
executing with privilege those commands which actually require it,
but once you've gone through the motions once the process is simple.
I may even have a generalized setuid-wrapper program lying around
somewhere that I can dig up, though it may be localized for Solaris.

If you, or anyone else on this list, is more anxious, you might
check out these two documents (a couple of the first links returned
by a Google search for "setuid program"):

http://seclab.cs.ucdavis.edu/~bishop/scriv/1987a.pdf
http://www.delorie.com/gnu/docs/glibc/libc_456.html

I haven't looked at either in detail. The first seems to be a paper
(written by a UC Davis student), so it probably explains the
fundamental problems decently. The second is a page by a moderately
well-known security freak, DJ Delorie, who definitely knows what
he's talking about (and isn't a complete jerk like a certain other
IT security character whose first two initials are DJ...)

       ~ g r @ eclipsed.net


______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug
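
The two points raised in the message above, bounds checking and running with privilege only the operation that needs it, sketched as an added C example (not the poster's code, which is not on this page). The names `copy_name`, `open_ro`, `with_privilege` and `drop_for_good`, the 32-byte limit and the path `/etc/example.conf` are hypothetical, and the permanent drop assumes the Linux behaviour of `setreuid`/`setregid` resetting the saved ids, which is why the code verifies it.

```c
#define _XOPEN_SOURCE 700      /* seteuid, setreuid, strnlen, O_NOFOLLOW */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#define NAME_LEN 32            /* constructed limit for this example */

/* Bounds-checked copy: reject empty, over-long or odd input, never truncate. */
int copy_name(char *dst, size_t dstsz, const char *src)
{
    size_t n = strnlen(src, dstsz);
    if (n == 0 || n >= dstsz) return -1;
    if (strspn(src, "abcdefghijklmnopqrstuvwxyz0123456789_-") != n) return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

/* The one operation that needs privilege (hypothetical: open a protected file). */
int open_ro(const char *path) { return open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC); }

/* Raise to the saved uid only around op(), then lower again at once. */
int with_privilege(uid_t priv, int (*op)(const char *), const char *arg)
{
    if (seteuid(priv) != 0) return -1;
    int rc = op(arg);
    if (seteuid(getuid()) != 0) _exit(1);   /* cannot lower: stop here */
    return rc;
}

/* Permanent drop: reset real, effective and saved ids (group first), then verify. */
int drop_for_good(uid_t priv)
{
    gid_t g = getgid(); uid_t u = getuid();
    if (setregid(g, g) != 0 || setreuid(u, u) != 0) return -1;
    if (u != 0 && priv != u && seteuid(priv) == 0) return -1;  /* came back: fail */
    return 0;
}

int main(int argc, char **argv)
{
    uid_t priv = geteuid();                 /* owner of the setuid binary */
    char name[NAME_LEN];
    if (seteuid(getuid()) != 0) return 1;   /* unprivileged by default */
    if (argc != 2 || copy_name(name, sizeof name, argv[1]) != 0) return 2;
    int fd = with_privilege(priv, open_ro, "/etc/example.conf"); /* placeholder */
    if (drop_for_good(priv) != 0) return 3; /* before any further work or exec */
    printf("fd=%d name=%s uid=%d euid=%d\n", fd, name, (int)getuid(), (int)geteuid());
    return 0;
}
```

Built without the setuid bit, the program still runs; the real and effective ids are then equal and the privilege changes are no-ops.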