Date: Sun, 19 Apr 1998 19:21:59 -0400 (EDT) From: Robert Watson <robert@cyrus.watson.org> To: Niall Smart <rotel@indigo.ie> Cc: Marc Slemko <marcs@znep.com>, freebsd-security@FreeBSD.ORG Subject: Re: suid/sgid programs Message-ID: <Pine.BSF.3.96.980419191830.4778A-100000@fledge.watson.org> In-Reply-To: <199804192309.AAA00431@indigo.ie>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 20 Apr 1998, Niall Smart wrote: > lpr can be setuid "lp" so that it can write to the print spool > directory, it has access to the file the user wants to print because > that is it's real uid. lpd can be root.wheel 770 and immediately > setuid to "lp" after opening the socket. (Or you could just disable > this silly priveledged socket scheme) In previous discussions, people have suggested adding a "sockets" group for which low port bindings are allowed. This might be implemented by using a sysctl that identifies the gid to the kernel (or something). Any program running with this in its groups would be allowed to bind low port number. This provides an immediate fix for having a bunch of daemons (and applications) running as root. Robert N Watson ---- Carnegie Mellon University http://www.cmu.edu/ Trusted Information Systems http://www.tis.com/ SafePort Network Services http://www.safeport.com/ robert@fledge.watson.org http://www.watson.org/~robert/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980419191830.4778A-100000>