Re: exec and EXECSERVERS

From: Thomas Bushnell, BSG
Subject: Re: exec and EXECSERVERS
Date: 19 Dec 2002 16:17:52 -0800

prj@po.cwru.edu (Paul Jarc) writes:

> I don't know this Hurd stuff very well (or at all, nearly), but in
> Unix terms, I'd say whatever code sets uid=euid (if any) in a setuid
> situation should take responsibility for clearing dangerous
> environment variables (or any other attributes of the process state
> inherited from the pre-setuid situation).  As long as uid!=euid,
> dangerous environment variables can be safely preserved but ignored.
> Does the exec server set uid=euid?  (Or is that not meaningful in the
> Hurd?)

Except that this is totally non-Unix.  The kernel does not change your
SHELL environment variable when you do a setuid exec, nor should it.

It's normally the responsibility of a setuid program to be careful,
not the entity that starts it...

Whether an environment variable is "dangerous" is a very hard, very
non-local thing to determine, in general.  That's why a special hack
just for EXECSERVERS seems like a mistake.

The only reason it comes up is because Unix programs might get run on
the Hurd, and they don't know that the Hurd has a *new* dangerous
environment variable.
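The point above, that whether a variable is "dangerous" cannot be decided locally, is why a setuid program that wants to be careful rebuilds its environment from an allowlist rather than hunting for known-bad names. The following is an added example (not code from this thread or from the Hurd); the allowlist and the sample entries, including the EXECSERVERS value, are constructed.

```c
/* Added example: a setuid program keeps only the environment variables it
 * explicitly trusts, so anything it has never heard of (the Hurd's
 * EXECSERVERS among them) is dropped without being named anywhere. */
#define _GNU_SOURCE
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

extern char **environ;

/* Constructed allowlist: variables a privileged program will inherit.
 * Everything else is discarded, so no list of "dangerous" names exists. */
static const char *const allowed[] = { "PATH", "TERM", "LANG", "HOME", NULL };

/* Return 1 if the "NAME=value" entry names an allowlisted variable. */
int env_allowed(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL)
        return 0;                      /* malformed entry: never trusted */
    size_t len = (size_t)(eq - entry);
    for (size_t i = 0; allowed[i] != NULL; i++)
        if (strlen(allowed[i]) == len && strncmp(allowed[i], entry, len) == 0)
            return 1;
    return 0;
}

/* Copy the allowlisted entries of env into a new NULL-terminated array.
 * Entries point into the input; the caller owns the returned array. */
char **filter_env(char *const *env, size_t *kept)
{
    size_t n = 0, k = 0;
    while (env[n] != NULL)
        n++;
    char **out = calloc(n + 1, sizeof *out);
    if (out == NULL)
        return NULL;
    for (size_t i = 0; i < n; i++)
        if (env_allowed(env[i]))
            out[k++] = env[i];
    out[k] = NULL;                     /* calloc already zeroed, kept explicit */
    if (kept != NULL)
        *kept = k;
    return out;
}

/* If we are running setuid (uid != euid), install the filtered copy as the
 * process environment before anything consults it.  Otherwise leave it. */
void sanitize_if_setuid(void)
{
    if (getuid() == geteuid())
        return;
    char **clean = filter_env(environ, NULL);
    if (clean == NULL)
        _exit(1);                      /* refuse to continue privileged */
    environ = clean;                   /* array lives for the process lifetime */
}
```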

