[nSLUG] chmod +s , cupsd restart

Peter Cordes peter at llama.nslug.ns.ca
Tue Jul 1 05:52:35 ADT 2003


On Tue, Jun 24, 2003 at 09:03:40PM -0300, peter wrote:
> On Sun, Jun 22, 2003 at 01:39:28AM -0300, Donald Teed wrote:
> > There must be a place for setuid root solutions, or else I
> > wouldn't be seeing applications such as ping and umount
> > with setuid bit turned on.
> 
>  If the job the program does is more complex than the authentication part,
> it's likely that there'll be exploitable bugs in it that using sudo for
> authentication wouldn't save you from. [... not very good reasons ...]

 I was reminded by a security announcement of a more significant reason for
why ping can be suid root more or less safely.  Programs that need root
privs to acquire resources can do that at startup, and drop root privs
immediately afterward.  If someone breaks ping, they have raw network
access, but not access to your disks, or anything else.  (Unless they can
use the network access to exploit something else...)  Writting an suid
wrapper for something not designed to be suid rules out the possibility of
dropping priviledges when they're no longer needed.

-- 
#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter at llama.nslug.n , s.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BC




More information about the nSLUG mailing list