Date: Mon, 20 Apr 1998 12:04:24 -0400 (EDT)
From: woods@zeus.leitch.com (Greg A. Woods)
To: freebsd-security@FreeBSD.ORG
Subject: Re: suid/sgid programs
Message-ID: <199804201604.MAA13296@brain.zeus.leitch.com>
In-Reply-To: Niall Smart's message of "Sun, April 19, 1998 20:39:48 +0000" regarding "Re: suid/sgid programs" id <199804191939.UAA01293@indigo.ie>
References: <marcs@znep.com> <199804191939.UAA01293@indigo.ie>

[ On Sun, April 19, 1998 at 20:39:48 (+0000), Niall Smart wrote: ]
> Subject: Re: suid/sgid programs
>
> So you want an extra sgid kmem utility just because you like your curious
> users to be able to see what your ccd configuration is? How useful is
> that? Not very. Do it locally if you really must.

That's bad advice for a general audience. Only a systems programmer who
is extremely familiar with the rules for writing SUID code, and who can
analyze the code in question and check for possible security problems,
should ever even think of adding SUID to an existing binary. Alternately
a SUID-code experienced systems programmer might instead derive a program
from the utility in question that only generates reports.

This is *exactly* the problem SGI/IRIX has/had -- too many programs were
made SUID so that the average user running the GUI admin tools could poke
around with the system. Unfortunately none of these programs seem to
have gone through the normal rigorous design and programming audits one
would expect for SUID code.

On the other hand, for ccdconfig itself, if we assume the code was
designed and written with the view that it would normally be SUID, then
there's no reason why we should distrust it any more than anything else.

Personally I'd be much more inclined to re-design the CCD driver
interface such that it enforced superuser requirements on any operations
that would change its configuration, and permitted normal users to query
its status. Then there'd be no need for ccdconfig to be SUID in the
first place.

-- 
Greg A. Woods

+1 416 443-1734 VE3TCP <gwoods@acm.org> <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
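
The driver-side split proposed in the message above (superuser required for anything that changes the configuration, any user allowed to query status), as an added user-space C model. It is not code from the post or from FreeBSD; the `demo_*` names, command codes and structures are hypothetical.

```c
#include <errno.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical command codes for this model; not the real ccd ioctls. */
enum demo_cmd { DEMO_CCD_GET = 1, DEMO_CCD_SET, DEMO_CCD_CLR };

struct demo_cred { uid_t euid; };        /* caller identity as the kernel sees it */
struct demo_conf { int ndisks; int interleave; };

static struct demo_conf demo_state;      /* driver-private configuration */

/* One row per command: whether it mutates state decides who may call it. */
static const struct { enum demo_cmd cmd; int needs_root; } demo_policy[] = {
    { DEMO_CCD_GET, 0 },                 /* read-only status: any user */
    { DEMO_CCD_SET, 1 },                 /* changes configuration: superuser only */
    { DEMO_CCD_CLR, 1 },
};

/* Returns 0 or an errno value, like a driver ioctl entry point. */
int demo_ccd_ioctl(const struct demo_cred *cr, int cmd, struct demo_conf *arg)
{
    size_t i, n = sizeof(demo_policy) / sizeof(demo_policy[0]);

    for (i = 0; i < n && (int)demo_policy[i].cmd != cmd; i++)
        ;
    if (i == n)
        return ENOTTY;                   /* unknown command: refuse by default */
    if (demo_policy[i].needs_root && cr->euid != 0)
        return EPERM;                    /* privilege enforced in the driver */
    if (arg == NULL && cmd != DEMO_CCD_CLR)
        return EINVAL;

    switch (cmd) {
    case DEMO_CCD_GET:
        *arg = demo_state;               /* hand back a copy, never a pointer */
        break;
    case DEMO_CCD_SET:
        if (arg->ndisks < 1 || arg->interleave < 0)
            return EINVAL;
        demo_state = *arg;
        break;
    case DEMO_CCD_CLR:
        memset(&demo_state, 0, sizeof(demo_state));
        break;
    }
    return 0;
}
```

With the check made per command inside the driver, the userland tool in this model needs no set-id bit: an unprivileged query succeeds and an unprivileged change fails with EPERM.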