Vulnerability Development mailing list archives
Re: SUID server
From: Kay Three <k3kay3 () HOTMAIL COM>
Date: Wed, 11 Oct 2000 00:30:38 -0000
In regards to methods in which to handle the server execution of the backend programs, would it not be easier to write one standard frontend that does all the parsing and communicating with the server (perhaps encrypted?) and have the server execute standard binaries (secured in a private directory)?

Take your traceroute example: the binary is in a private directory, chmod -x to all users except root (or whatever UID the suid server is running as). The user runs the suid-client interface, he or she enters command-line type arguments, the client and server then exchange information, and the server executes traceroute as a forked process. In this scenario it is a) not possible for the user to execute the program without being uid=0, and b) during the execution the user requesting the execution cannot benefit by a seg fault, etc.

If in any way these ideas are not beneficial to the cause, just say so. I will probably implement this idea into my Linux variant system I am in the process of creating... =^) (any objections...?)

-Kay3
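The server-side step the message describes (map the request to a binary in the private directory, then run it as a forked process) could look like the following. This is an added example, not code from the original post or from any project; the directory `/usr/local/suidsrv/bin`, the function names and the one-hostname request format are assumptions made for illustration.

```c
#include <ctype.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical allowlist: request name -> binary in the private directory. */
static const struct { const char *name, *path; } ALLOWED[] = {
    { "traceroute", "/usr/local/suidsrv/bin/traceroute" },
};

/* Map a client-supplied name to a fixed path; NULL if not allowlisted. */
const char *resolve_command(const char *name) {
    for (size_t i = 0; i < sizeof ALLOWED / sizeof ALLOWED[0]; i++)
        if (strcmp(name, ALLOWED[i].name) == 0)
            return ALLOWED[i].path;
    return NULL;
}

/* Accept only [A-Za-z0-9.-], 1..253 bytes, not starting with '-' so the
 * argument cannot be parsed as an option by the backend program. */
int validate_host(const char *s) {
    size_t n = strlen(s);
    if (n == 0 || n > 253 || s[0] == '-')
        return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)s[i]) && s[i] != '.' && s[i] != '-')
            return 0;
    return 1;
}

/* Run one validated request in a forked child. Returns the child's exit
 * status, or -1 if the request was rejected or the child died abnormally. */
int run_request(const char *name, const char *host) {
    const char *path = resolve_command(name);
    if (path == NULL || !validate_host(host))
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)name, (char *)host, NULL };
        char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
        execve(path, argv, envp);   /* no shell, fixed path, clean env */
        _exit(127);                 /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

Because the client's arguments cross a privilege boundary, the server validates them itself rather than trusting the frontend's parsing, and the child's environment is rebuilt instead of being inherited from the request.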