Bugtraq mailing list archives
Re: Wiping out setuid programs
From: nmm1 () CUS CAM AC UK (Nick Maclaren)
Date: Sun, 10 Jan 1999 11:16:00 +0100
"D. J. Bernstein" <djb () CR YP TO> wrotes:
Costs. It shouldn't take more than five minutes for a kernel implementor to support getpeereuid(). For example, Linux has "struct ucred peercred" inside struct sock, and a SO_PEERCRED macro in sys/socket.h, used by the following four syscalls: . . . There's similar code to handle gid (and pid). The entire implementation is about twenty lines long.
Hmm. I admire the amount of careful design and validation that you seem to regard as necessary for kernel modifications. For example, consider the following sequence of operations: Process A running with effective uid fred and saved uid root creates a socket, and then changes to effective uid joe. Process B connects to the other end, process A changes to effective uid alf, and then process B calls getpeereuid. The following questions immediately spring to mind: 1) Which uid (fred, joe or alf) will it return? 2) Are there any circumstances under which it won't? 3) Is this the correct behaviour, anyway? 4) Are we sure that everyone will agree and do the same? This is definitely a facility that could be useful. But surely we know that designing operating system primitives for security enhancement needs long and careful thought, to avoid obscure and subtle design errors that cannot be fixed later? Regards, Nick Maclaren, University of Cambridge Computing Service, New Museums Site, Pembroke Street, Cambridge CB2 3QG, England. Email: nmm1 () cam ac uk Tel.: +44 1223 334761 Fax: +44 1223 334679
Current thread:
- Re: Wiping out setuid programs Steve Bellovin (Jan 07)
- Re: Wiping out setuid programs Gene Spafford (Jan 08)
- <Possible follow-ups>
- Re: Wiping out setuid programs D. J. Bernstein (Jan 09)
- Re: Wiping out setuid programs Alan Cox (Jan 09)
- Re: Wiping out setuid programs Nick Maclaren (Jan 10)
- Bind 8.* bug. Alan Brown (Jan 11)
- Re: Wiping out setuid programs Neale Banks (Jan 11)
- Re: Wiping out setuid programs Steven M. Bellovin (Jan 09)
- Re: Wiping out setuid programs der Mouse (Jan 09)
- Re: Wiping out setuid programs D. J. Bernstein (Jan 10)
- Re: Wiping out setuid programs Niall Smart (Jan 12)