[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: exec and EXECSERVERS

From: Paul Jarc
Subject: Re: exec and EXECSERVERS
Date: Thu, 19 Dec 2002 19:06:43 -0500
User-agent: Gnus/5.090008 (Oort Gnus v0.08) Emacs/21.2 (i686-pc-linux-gnu)

tb@becket.net (Thomas Bushnell, BSG) wrote:
> Well, a setuid exec itself should disable EXECSERVERS.  But the
> environment variable might still get inherited, and seven layers of
> fork/exec later, do something nasty.  So that means that setuid exec
> should in fact clear EXECSERVERS in the passed environment.
> That's a nasty wart, however, having the *exec server* go mucking
> around with environment variables.

I don't know this Hurd stuff very well (or at all, nearly), but in
Unix terms, I'd say whatever code sets uid=euid (if any) in a setuid
situation should take responsibility for clearing dangerous
environment variables (or any other attributes of the process state
inherited from the pre-setuid situation).  As long as uid!=euid,
dangerous environment variables can be safely preserved but ignored.
Does the exec server set uid=euid?  (Or is that not meaningful in the

The counterargument is that doing things this way requires more
careful programming, and clearing dangerous environment variables
sooner means that buggy code will be merely buggy and not vulnerable.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]