Date: Sun, 7 Apr 2002 15:18:55 +0100 (BST) From: Jan Grant <Jan.Grant@bristol.ac.uk> To: =?ISO-8859-2?Q?Pawe=B3_Jakub_Dawidek?= <nick@garage.freebsd.pl> Cc: freebsd-hackers@freebsd.org Subject: Re: Patch for setgroups(). Message-ID: <Pine.GSO.4.44.0204071517460.19282-100000@mail.ilrt.bris.ac.uk> In-Reply-To: <20020407160118.A84861@garage.freebsd.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 7 Apr 2002, [ISO-8859-2] Pawe=B3 Jakub Dawidek wrote: > Hey. > > What do You think about this patch? > This can help non-root applications like apache etc. > For example when I got access to many files from many groups when attacke= r > will exploit this application he got access to all files, coz there is no > way to setgroups() if I am non-root and maybe only demon needs access to = all > files - child needs only access to files owned by one group. This breaks the (rare) case of using group membership for negative access control. --=20 jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/ Tel +44(0)117 9287088 Fax +44 (0)117 9287112 RFC822 jan.grant@bris.ac.uk perl -e 's?ck?t??print:perl=3D=3Dpants if $_=3D"Just Another Perl Hacker\n"= ' To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.44.0204071517460.19282-100000>