Vulnerability Development mailing list archives

Re: SUID server


From: Kay Three <k3kay3 () HOTMAIL COM>
Date: Wed, 11 Oct 2000 00:30:38 -0000

In regards to methods in which to handle the
server execution of the backend programs, would it
not be easier to write one standard frontend that
does all the parsing and communicating with the
server (perhaps encrypted?) and have the server
execute standard binaries (secured in a private
directory)?
take your traceroute example,
the binary is in a private directory, chmod -x to
all users except root (or whatever UID the suid
server is running as)
the user runs the suid-client interface, he or she
enters command line type arguments, the client and
server then exchange information and the server
executes traceroute as a forked process. in this
scenario it is a) not possible for the user to
execute the program without being uid=0, and b)
during the execution the user requesting the
execution cannot benefit by a seg fault, etc.

if in any way these ideas are not beneficial to
the cause, just say so. i will probably implement
this idea into my linux variant system i am in the
process of creating... =^) (any objections...?)
        -Kay3
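
The server side of the design described in the message above, as an added example that is not part of the original post: the privileged process checks the client-supplied argument, then runs the backend as a forked child with an explicit argument vector and a fixed environment. The backend path, the function names and the host-name rule are assumptions made for illustration.

```c
#include <ctype.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical location of the root-only backend binary (not from the post). */
#define BACKEND "/usr/local/private/traceroute"

/* Accept only a plain host name or IPv4 address: no leading '-', so the
 * client cannot smuggle in an option, and no shell or path characters. */
int valid_host(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n > 253 || s[0] == '-' || s[0] == '.')
        return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)s[i]) && s[i] != '.' && s[i] != '-')
            return 0;
    return 1;
}

/* Server side: run `path host` as a forked child. Returns the child's exit
 * status, or -1 if the request is rejected or the child did not exit normally. */
int run_backend(const char *path, const char *host)
{
    if (!valid_host(host))
        return -1;                      /* rejected before any fork */
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *argv[] = { (char *)path, (char *)host, NULL };
        char *envp[] = { "PATH=/usr/bin:/bin", NULL };  /* nothing inherited */
        execve(path, argv, envp);       /* argv array: no shell involved */
        _exit(127);                     /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    return run_backend(BACKEND, "localhost") < 0;
}
```

Because the user's input reaches the privileged side in this design, the argument check is the trust boundary: anything the backend would interpret as an option or a path has to be refused before the fork.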

