At 8:23 PM -0500 1/17/03, William H. Magill wrote:
> Every process DOES start out running as root and the process itself
> must make the effort to change to another userid.
I'm not at all sure that this is true.  A process that is forked off
of init will start out as root.  If init's code doesn't cause it to
change its UID, it will remain running as root, even after it execs
a different set of code.

OTOH, if I run a C program from the command line, my shell process
will fork, yielding two copies of the shell process, both of which
are running as "rdm".  One of these will then exec the C program,
again as "rdm".

> This issue has always been a big security complaint with Unix.
> Because daemons started from RC have to make the effort to run as
> something OTHER than root, lazy programmers have allowed them to run
> as root and avoid making the necessary changes to their code to have
> the daemon run as some other userid. Before Apache, most web servers
> DID run as root for that simple reason. And that issue is one of the
> ones which drove acceptance of Apache.
So, the issue is in the way rc files are implemented, not with the
Unix fork/exec infrastructure.

> Till Apple completes its StartupItems transition, we'll just have to
> use tricks like su or sudo to run startup jobs as some other userid
> than root.
Yep.

-r

P.S.  I ran into an amusing bug in SunOS a decade or so ago.  You could
      su on your local machine, then su to nobody, then rlogin to another
      machine, ending up with a root session on the remote machine.  The
      code in rlogin did a setuid to "nobody", failed, ignored the error,
      and gave you a root shell!
--
email: [EMAIL PROTECTED]; phone: +1 650-873-7841
http://www.cfcl.com/rdm    - my home page, resume, etc.
http://www.cfcl.com/Meta   - The FreeBSD Browser, Meta Project, etc.
http://www.ptf.com/dossier - Prime Time Freeware's DOSSIER series
http://www.ptf.com/tdc     - Prime Time Freeware's Darwin Collection
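
The failure mode in the P.S. above (a setuid call that fails and is ignored) is avoided by checking every call and verifying the result before doing any work. This is an added example, not part of the original message or of any SunOS or Apple code; the function names and the uid/gid 65534 for "nobody" are assumptions.

```c
#define _DEFAULT_SOURCE   /* exposes setgroups() on glibc */
#include <grp.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Drop from root to an unprivileged uid/gid. Returns 0 only when the drop
 * happened AND was verified; -1 otherwise. Order matters: groups first,
 * then gid, then uid, because after setuid() the groups cannot be changed. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return -1;                    /* "dropping" to root is not a drop */
    if (setgroups(1, &gid) != 0)      /* replace inherited supplementary groups */
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)             /* the kind of call the P.S. bug ignored */
        return -1;
    /* Verify: ids are what was requested and root cannot be regained. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    if (setuid(0) == 0)
        return -1;
    return 0;
}

/* Fork a child that drops privileges before doing any work.
 * Returns 0 if the child ran unprivileged, 1 if the drop failed and the
 * child exited without running the job (fail closed), -1 on fork/wait error. */
int run_unprivileged(uid_t uid, gid_t gid)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_privileges(uid, gid) != 0)
            _exit(1);                 /* never fall through with old privileges */
        /* ... the unprivileged job would run here ... */
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* 65534 is an assumed id for "nobody"; look it up with getpwnam() in real code. */
int main(void) { return run_unprivileged(65534, 65534) == 0 ? 0 : 1; }
```

Started from a non-root shell, the child fails at the first call and exits with status 1 instead of running the job with whatever privileges it happened to inherit.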