Date: Sun, 19 Apr 1998 18:57:56 -0500
From: Karl Denninger <karl@mcs.net>
To: Robert Watson <robert+freebsd@cyrus.watson.org>
Cc: Niall Smart <rotel@indigo.ie>, Marc Slemko <marcs@znep.com>, freebsd-security@FreeBSD.ORG
Subject: Re: suid/sgid programs
Message-ID: <19980419185756.38304@mcs.net>
In-Reply-To: <Pine.BSF.3.96.980419191830.4778A-100000@fledge.watson.org>; from Robert Watson on Sun, Apr 19, 1998 at 07:21:59PM -0400
References: <199804192309.AAA00431@indigo.ie> <Pine.BSF.3.96.980419191830.4778A-100000@fledge.watson.org>
On Sun, Apr 19, 1998 at 07:21:59PM -0400, Robert Watson wrote:
> On Mon, 20 Apr 1998, Niall Smart wrote:
>
> > lpr can be setuid "lp" so that it can write to the print spool
> > directory; it has access to the file the user wants to print because
> > that is its real uid. lpd can be root.wheel 770 and immediately
> > setuid to "lp" after opening the socket. (Or you could just disable
> > this silly privileged socket scheme.)
>
> In previous discussions, people have suggested adding a "sockets" group
> for which low port bindings are allowed. This might be implemented by
> using a sysctl that identifies the gid to the kernel (or something). Any
> program running with this in its groups would be allowed to bind low port
> numbers. This provides an immediate fix for having a bunch of daemons (and
> applications) running as root.
>
> Robert N Watson

Yes, it does. However, lpd only needs root long enough to bind to the lpd
port. Once that's done, it can setuid() itself to another UID.

--
Karl Denninger (karl@MCS.Net)| MCSNet - Serving Chicagoland and Wisconsin
http://www.mcs.net/          | T1's from $600 monthly / All Lines K56Flex/DOV
                             | NEW! Corporate ISDN Prices dropped by up to 50%!
Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS
Fax:   [+1 312 803-4929]     | *SPAMBLOCK* Technology now included at no cost