Vulnerability Development mailing list archives

Re: SUID server


From: antirez <antirez () linuxcare com>
Date: Mon, 20 Jan 1997 23:32:59 +0100

On Sun, Oct 01, 2000 at 11:34:24AM +0100, Adam Langley wrote:
> Despite many people's best efforts over many years, it seems that SUID programs
> cannot ever be secure. Just recently we have the traceroute bug - how long
> has traceroute been around?

SUIDs are often a problem _if_ badly coded, but I want to know
what the excuse is if traceroute does not drop privileges
after the raw socket and the data link layer are open.
To send arbitrary packets or to sniff the net isn't as bad
as to gain root.
All the guys on this list are able to audit 10 lines of code:
open the special sockets, drop privileges, do the work,
so what's the problem with traceroute?
It's a suid shipped with all OSes for years that does
not follow a secure programming FAQ:
Drop the privileges ASAP if you can.
The same problem with the ping program, that was too often
the target of vulnerabilities (bofs, sig alarm bomb, ...).

regards,
antirez

--
Salvatore Sanfilippo, Open Source Developer, Linuxcare Italia spa
+39.049.80 43 411 tel, +39.049.80 43 412 fax
antirez () linuxcare com, http://www.linuxcare.com/
Linuxcare. Support for the revolution.
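
The "open the special sockets, drop privileges, do the work" order from the message above, as an added example that is not part of the original post and is not traceroute's or ping's own source. The function names `drop_privileges` and `open_then_drop` are hypothetical, and the example is narrowed to a setuid-root binary opening one raw ICMP socket (no data link layer handle).

```c
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently return to the invoking user's ids. 0 on success, -1 on failure. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    /* Group first: once the uid is dropped we may no longer change the gid. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    /* Do not trust the return codes alone: confirm root cannot be regained.
       (Skipped when root itself ran the program; there is nothing to drop.) */
    if (ruid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

/* Hypothetical helper: do the one privileged step, then drop at once.
   *fd receives the raw socket, or -1 if it could not be opened.
   Returns the result of the drop, which happens on every path. */
int open_then_drop(int *fd)
{
    *fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); /* needs root or CAP_NET_RAW */
    return drop_privileges();
}

int main(void)
{
    int fd;

    if (open_then_drop(&fd) != 0) {
        fprintf(stderr, "could not drop privileges, refusing to continue\n");
        return 2;
    }
    if (fd < 0) {
        fprintf(stderr, "could not open raw socket (not installed setuid root?)\n");
        return 1;
    }
    /* Argument parsing, packet building and reply handling go here,
       running with the caller's ids but still holding the socket. */
    printf("raw socket fd %d held by uid %d\n", fd, (int)geteuid());
    close(fd);
    return 0;
}
```

A memory-corruption bug in the code that runs after `open_then_drop()` then yields at most the already-open socket, not a root shell.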

