Date: Mon, 20 Apr 1998 23:28:42 +0000
From: Niall Smart <rotel@indigo.ie>
To: freebsd-security@FreeBSD.ORG
Subject: Re: suid/sgid programs
Message-ID: <199804202228.XAA01159@indigo.ie>
In-Reply-To: woods@zeus.leitch.com (Greg A. Woods) "Re: suid/sgid programs" (Apr 20, 12:04pm)

On Apr 20, 12:04pm, Greg A. Woods wrote:
} Subject: Re: suid/sgid programs
> [ On Sun, April 19, 1998 at 20:39:48 (+0000), Niall Smart wrote: ]
> > Subject: Re: suid/sgid programs
> >
> > So you want an extra sgid kmem utility just because you like your curious
> > users to be able to see what your ccd configuration is? How useful is
> > that? Not very. Do it locally if you really must.
>
> That's bad advice for a general audience. Only a systems programmer who
> is extremely familiar with the rules for writing SUID code, and who can
> analyze the code in question and check for possible security problems,
> should ever even think of adding SUID to an existing binary.
> Alternately a SUID-code experienced systems programmer might instead
> derive a program from the utility in question that only generates
> reports.

Absolutely, I didn't mean to give the impression that you should
arbitrarily go round setuid'ing things to make your system "easier
to use" :)

> On the other hand, for ccdconfig itself, if we assume the code was
> designed and written with the view that it would normally be SUID, then
> there's no reason why we should distrust it any more than anything
> else.

Heh, I would sincerely hope that *all* set[ug]id programs are
designed and programmed with the fact that they are such in mind.
That doesn't seem to stop the exploits though, does it? :)

Niall

--
Niall Smart. PGP: finger njs3@motmot.doc.ic.ac.uk
FreeBSD: Turning PC's into Workstations: www.freebsd.org
Annoy your enemies and astonish your friends:
echo "#define if(x) if (!(x))" >> /usr/include/stdio.h

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199804202228.XAA01159>