Date: Wed, 19 Feb 1997 09:32:00 -0800
From: Jim Shankland <jas@flyingfox.COM>
To: caseq@magrathea.chance.ru, dg@root.com, jas@flyingfox.COM, rbezuide@oskar.nanoteq.co.za, security@freebsd.org
Subject: Re: Coredumps and setuids .. interesting..
Message-ID: <199702191732.JAA16579@saguaro.flyingfox.com>

David Greenman writes:
> A correction...the signal sender need only match *either* the real or
> effective uid of the signal receiver....
>
> I actually didn't know it was this open until I read the manual page. I
> believe this behavior is required by POSIX, so it's not likely something
> that we would want to change.

It's not only a standard, it's even useful. Think of a non-privileged
client process that runs a setuid-somebody (not necessarily root)
server process for, say, database access. The server process, being
privileged, has unfettered access to the database, but permission-checks
accesses requested of it by the client. The client may still want to
signal the server process to abort a long-running query, for example.

Jim Shankland
Flying Fox Computer Systems, Inc.
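
An added example, not part of the original message or of FreeBSD: the setuid server described above treating the client's signal as a request to abort the current query instead of taking the signal's default action. The use of SIGINT, the names `may_signal` and `run_query`, and the uids are assumptions; `may_signal` restates the uid-matching rule quoted in the thread, and the self-`raise()` stands in for the client's `kill()`.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Written only by the handler; sig_atomic_t is safe to store from one. */
static volatile sig_atomic_t abort_requested = 0;

static void on_abort(int signo) { (void)signo; abort_requested = 1; }

/* Replace SIGINT's default action (terminate) with the cancel flag.
 * SIGINT as the "abort query" signal is an assumption of this example. */
int install_abort_handler(void) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_abort;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGINT, &sa, NULL);
}

/* The rule quoted in the thread: the sender's real or effective uid must
 * match the receiver's real or effective uid. Superuser may always signal. */
int may_signal(uid_t s_ruid, uid_t s_euid, uid_t r_ruid, uid_t r_euid) {
    if (s_euid == 0) return 1;
    return s_ruid == r_ruid || s_ruid == r_euid ||
           s_euid == r_ruid || s_euid == r_euid;
}

/* Hypothetical long-running query. Returns rows processed, or -1 if the
 * client aborted it. cancel_at >= 0 raises SIGINT at that row, standing in
 * for the client's kill(server_pid, SIGINT). */
long run_query(long total_rows, long cancel_at) {
    abort_requested = 0;
    for (long row = 0; row < total_rows; row++) {
        if (row == cancel_at) raise(SIGINT);
        if (abort_requested) return -1;  /* undo partial work, keep serving */
    }
    return total_rows;
}

int main(void) {
    if (install_abort_handler() != 0) return 1;
    /* Constructed uids: client 1001 ran a server setuid to uid 70. */
    printf("client may signal server: %d\n", may_signal(1001, 1001, 1001, 70));
    printf("uninterrupted query: %ld\n", run_query(1000, -1));
    printf("aborted query: %ld\n", run_query(1000, 10));
    return 0;
}
```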