From owner-freebsd-security Sat Oct 20 6:31:42 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail.yadt.co.uk (yadt.demon.co.uk [158.152.4.134]) by hub.freebsd.org (Postfix) with SMTP id F1C0C37B409 for ; Sat, 20 Oct 2001 06:31:37 -0700 (PDT) Received: (qmail 37154 invoked from network); 20 Oct 2001 13:31:35 -0000 Received: from unknown (HELO mail.gattaca.yadt.co.uk) (qmailr@10.0.0.2) by yadt.demon.co.uk with SMTP; 20 Oct 2001 13:31:35 -0000 Received: (qmail 52449 invoked by uid 1000); 20 Oct 2001 13:31:34 -0000 Date: Sat, 20 Oct 2001 14:31:34 +0100 From: David Taylor To: Tomek Cc: freebsd-security@FreeBSD.ORG Subject: Re: Making almost everything non-root Message-ID: <20011020143134.B41471@gattaca.yadt.co.uk> Mail-Followup-To: Tomek , freebsd-security@FreeBSD.ORG References: <0e3a01c15964$fd88fee0$f6f073d1@mpionline.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <0e3a01c15964$fd88fee0$f6f073d1@mpionline.com>; from tomek@mpionline.com on Sat, Oct 20, 2001 at 06:44:42 -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sat, 20 Oct 2001, Tomek wrote: > login info and actually running shells. Is there a way to on-the-fly > make a running PID a different user given the proper login information? Yes. It involves running as root and calling set*id()... > NOTE: I do not understand why programs have not been designed this way. > I know it may be a slight inconvenience for login programs, but until > the user enters root login information, I do not see a strong argument > for giving the program root privileges in the first place. > Because they need root privileges to change the UID of a process... -- David Taylor davidt@yadt.co.uk To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message