I've been looking for an application interface for Glibc's __libc_enable_secure, because __libc_enable_secure is a libc internal function and isn't really intended to be used by applications (although it can be). This function gives a yes or no (0 or 1) to the program at run time to determine if the program is running with setuid or setgid, to decide whether to restrict the shell environment.
The BSDs have issetugid(2), but Linux doesn't seem to have anything like it. uClibc has phased out __libc_enable_secure... it looks like they prefer each application to test for itself because there is no standard for this.

This article:

http://archives.neohapsis.com/archives/linux/lsap/2002-q4/0000.html

says it's best for this test to come from libc to reduce privilege escalation.

I tracked down __libc_enable_secure to glibc-2.5/elf/enbl-secure.c, which is:

    void
    __libc_init_secure (void)
    {
      if (__libc_enable_secure_decided == 0)
        __libc_enable_secure = (__geteuid () != __getuid ()
                                || __getegid () != __getgid ());
    }

This is exactly the same as what an application would do without __libc_enable_secure, except it's at the libc level. BSD's issetugid(2) is a syscall, at the kernel level, and I think that's an advantage because it's less manipulatable by users and applications in userland; however, it's inherently the same test. I didn't compare it to Linux's source, but it doesn't look particularly simple to clone.

Are any of you familiar with this, or have comments to add?

robert
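An added example, not part of the original post and not glibc's code: an application-level check that runs the same id comparison as __libc_init_secure() and also reads the AT_SECURE flag the kernel places in the auxiliary vector at exec time. It assumes Linux with glibc 2.16 or later for getauxval(), which the post does not mention; running_secure() and ids_differ() are hypothetical names.

```c
#include <stdio.h>
#include <sys/auxv.h>   /* getauxval(), AT_SECURE (glibc >= 2.16) */
#include <sys/types.h>
#include <unistd.h>

/* The comparison quoted from enbl-secure.c, taking explicit ids so it can be
 * exercised with constructed values. */
int ids_differ(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return (euid != ruid || egid != rgid);
}

/* Hypothetical helper: 1 if the process should distrust its environment
 * (LD_*, PATH, locale paths, ...), 0 otherwise.
 *
 * AT_SECURE is written by the kernel when the program is exec'd and is not
 * altered by later set*id() calls, so it still reports 1 after a setuid
 * program has dropped privileges and the ids compare equal again. The id
 * comparison is OR'ed in so the check fails safe if the auxv entry is
 * missing (getauxval() returns 0 in that case). */
int running_secure(void)
{
    unsigned long at_secure = getauxval(AT_SECURE);

    return at_secure != 0
        || ids_differ(getuid(), geteuid(), getgid(), getegid());
}

int main(void)
{
    /* Constructed ids: user 1000 executing a setuid-root binary. */
    printf("setuid-root case: %d\n", ids_differ(1000, 0, 1000, 1000));
    /* Constructed ids: same binary after setuid(getuid()); the comparison
     * alone no longer sees that the process started privileged. */
    printf("after drop:       %d\n", ids_differ(1000, 1000, 1000, 1000));
    printf("this process:     %d\n", running_secure());
    return 0;
}
```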
