On Tue, Jun 05, 2001 at 04:27:21PM +0200, Robert Bihlmeyer wrote: > > Nobody is just another user, though usually with special semantics. > > Hmm, all the security punduits continously preach that "nobody" was > only meant as a no-rights-at-all target to map root to in NFS. > "nobody" actually owning stuff is a big no-no.
As a matter of fact, as no valid uid maps to the Hurd nouser, this is not only a big no-no, but an impossibility (without hexediting the filesystem). > So I count that not as > just another user. I'd actually wager that "nobody" was in fact an > attempt to emulate the concept of an empty id set (or empty capability > set) in Unix semantics. > > If that's correct, unifying them may be good. May be I'm missing > something, though. I see. Will the following scenario work? glibc is changed, so that "setuid(-1)" means: Drop all (effective?) user ids. Change the nobody entry in the passwd file so that it lists -1 as uid. This will make Unix programs which conventionally switch to user nobody very safe (because they will run without any privileges). If could make some tests in this direction... Thanks, Marcus -- `Rhubarb is no Egyptian god.' Debian http://www.debian.org [EMAIL PROTECTED] Marcus Brinkmann GNU http://www.gnu.org [EMAIL PROTECTED] [EMAIL PROTECTED] http://www.marcus-brinkmann.de
