Isaac To wrote: > But yes, it is ugly. It might be better if any SGID program is also SUID > nobody, and re-acquire real user privilege only when required. But still, > it is ugly. That is not a viable approach unless the binary (and all other binaries owned by nobody) also is immutable. If the binary isn't immutable and someone finds a security breach in the program or one of the invoked sub-programs then they can easily replace the binary with a custom one, and if root (or another user) then runs this program in the beleif that it is the original one... -- Henrik Nordstrom
- Re: Troff dangerous. Olaf Kirch
- Re: Troff dangerous. Pavel Kankovsky
- Re: Troff dangerous. Warner Losh
- Re: Troff dangerous. Joel Eriksson
- Re: Troff dangerous. Pete
- Re: Troff dangerous. Robert Watson
- Re: Troff dangerous. Henrik Nordstrom
- SGID man Solar Designer
- Re: SGID man Henrik Nordstrom
- Re: SGID man Isaac To
- Re: Troff dangerous. Henrik Nordstrom
- Re: Troff dangerous. Yozo Toda
- Re: Troff dangerous. Eric Moore
- Re: Troff dangerous. Ville Nummela
- Re: Troff dangerous. Marco S Hyman
- Re: Troff dangerous. Jason Thorpe
- Re: Troff dangerous. Bob Beck
- Re: Troff dangerous. Ronny Cook
- Re: Troff dangerous. Steven M. Bellovin
- Re: Troff dangerous. Groovy Pants Gus
- Re: Troff dangerous. Dmitry Yu. Bolkhovityanov
