On Fri, Jan 19, 2001 at 01:34:56AM -0500, Roland McGrath wrote:
> > What about non-hurd-aware setuid/setgid programs which trust the
> > authenticity of their config file based on its location within the
> > filesystem?
> [...]
> > Am I missing something?
>
> Yes. You missed where I mentioned that setuid/setgid execs (called "secure
> execs" in Hurd parlance) revert to the global root directory port. (Some
> other ports that are ordinarily just inherited from the parent process also
> get reset to secure values by a secure exec.)

Is this done by a library (e.g. libc) or by the kernel? In the first case it may be possible for a program to get that global root port, too. In the second case it is secure as long as the setuid are aware of it.

One last thought.

    cp /bin/sh myroot
    chmod 6777 myroot/sh
    chroot myroot ./sh

Now sh is a setuid/setgid program. Therefore, after the last command I'm at the global root again - escaped from prison.

