>>>>> On Sun, 29 Jul 2018, Michael Orlitzky wrote:

> After thinking about this for a while, I think we should ignore setgid
> but not setuid executables. The problem with setuid and a non-root owner
> is that the owner can always exploit the situation:

> Suppose /bin/foo is owned by "foo" and setuid. If root (or any other
> privileged user) is about to run /bin/foo, then the "foo" user can
> simply strip away the setuid bit and fill /bin/foo with malicious code.

Staying with the man:man example, how would anybody become the "man"
user, in the first place? That user has /bin/false as a shell and no
valid password.

> The same situation with setgid is safe because (as far as I know)
> members of the group can't strip off the setgid bit.

Setgid executables shouldn't be group writable, so I believe that part
of the test is fine as-is in v1 of your patch.


Attachment: pgppMBCz_RDB1.pgp
Description: PGP signature

Reply via email to