On Mon, Sep 04, 2000 at 11:12:31AM +0400, Nalim wrote: > I've seen addauth program. As I > understand user can add new privileges > himself. But it is dangerous for > security. Am I wrong?
IIRC, if the addauth process doesn't have the privileges you're adding to another process, it tries to get them from the password server. For that to work, you need to know the password of the user whose rights you're giving to a process. So no danger there. I'm more worried about the other program (was it called rmauth?) which lets you remove rights from processes. Setuid programs often temporarily switch to the real UID before accessing user-specified files etc.. Now what happens if you remove your own UID from the program so that the switch fails? Are programs written to notice that? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
