>>>>> On Sun, 29 Jul 2018, Michael Orlitzky wrote:

> After thinking about this for a while, I think we should ignore setgid
> but not setuid executables. The problem with setuid and a non-root owner
> is that the owner can always exploit the situation:

> Suppose /bin/foo is owned by "foo" and setuid. If root (or any other
> privileged user) is about to run /bin/foo, then the "foo" user can
> simply strip away the setuid bit and fill /bin/foo with malicious code.

Staying with the man:man example, how would anybody become the "man"
user, in the first place? That user has /bin/false as a shell and no
valid password.

> The same situation with setgid is safe because (as far as I know)
> members of the group can't strip off the setgid bit.

Setgid executables shouldn't be group writable, so I believe that part
of the test is fine as-is in v1 of your patch.

Ulrich
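The two conditions discussed in this message (setuid with a non-root owner, and setgid combined with group write permission), written out as a check over stat values. This is an added example, not code from the patch under review; the function names and sample modes are constructed for illustration, and treating uid 0 as the only trusted owner is an assumption.

```python
import os
import stat


def findings(mode, uid):
    """Classify one file from its st_mode and st_uid (hypothetical helper)."""
    out = []
    if not stat.S_ISREG(mode):
        # Directories use the setgid bit for group inheritance; not relevant here.
        return out
    # setuid with a non-root owner: the owner may chmod or rewrite the file,
    # so whoever runs it is trusting that account. Assumption: only uid 0 is trusted.
    if mode & stat.S_ISUID and uid != 0:
        out.append("setuid-nonroot-owner")
    # setgid: group members cannot change the mode, so the file is only
    # a concern when the group can write to its contents.
    if mode & stat.S_ISGID and mode & stat.S_IWGRP:
        out.append("setgid-group-writable")
    return out


def audit_tree(root):
    """Walk root without following symlinks; return {path: [findings]}."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: judge the link itself, never its target
            hits = findings(st.st_mode, st.st_uid)
            if hits:
                report[path] = hits
    return report


if __name__ == "__main__":
    # Constructed sample modes, not taken from any real system.
    samples = [
        ("setuid, owner uid 1000", stat.S_IFREG | 0o4755, 1000),
        ("setuid, owner root", stat.S_IFREG | 0o4755, 0),
        ("setgid, mode 2755", stat.S_IFREG | 0o2755, 1000),
        ("setgid, mode 2775", stat.S_IFREG | 0o2775, 1000),
    ]
    for label, mode, uid in samples:
        print(f"{label}: {findings(mode, uid) or 'ok'}")
```
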