bug-hurd

Re: killing setuid programs


From: Thomas Bushnell BSG
Subject: Re: killing setuid programs
Date: Tue, 29 Aug 2006 11:58:43 -0700
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)

Samuel Thibault <samuel.thibault@ens-lyon.org> writes:

> Roland McGrath, on Mon 28 Aug 2006 17:34:24 -0700, wrote:
>> It sounds like you are describing the intended behavior.
>> You can't send a signal to a setuid program with kill.
>
>   For a process to have permission to send a signal to a process designated
>   by pid, unless the sending process has appropriate privileges, the real or
>   effective user ID of the sending process shall match the real or saved
>   set-user-ID of the receiving process.
>
> And setuid programs keep the real user ID set to Joe user's, so that Joe
> user can kill the program he launches.

This is not quite correct.

Most setuid programs do *not* keep the real user ID alone; instead,
they explicitly change it to match the effective user ID.  This is
important.  If the "passwd" program could be interrupted at will by
its caller, for example, then it might leave an incompletely written
and locked password file around.

Thomas
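
The following is an added example, not part of the original message and not Hurd code: a small C model of the POSIX rule quoted above, showing why a set-user-ID root program stops being signalable by its caller once it changes its real user ID. The `struct cred` type, the helper names, the sample UID 1000, and treating "appropriate privileges" as effective UID 0 are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdio.h>

typedef unsigned int uid;              /* model type, not the system uid_t */
struct cred { uid ruid, euid, suid; }; /* real, effective, saved set-user-ID */

/* exec of a set-user-ID file: the real UID is kept, the effective and
   saved set-user-ID become the file owner. */
static struct cred exec_setuid(struct cred c, uid file_owner) {
    c.euid = c.suid = file_owner;
    return c;
}

/* POSIX setuid(): a privileged caller (modelled as euid 0) changes all
   three IDs; otherwise only the effective UID, and only to ruid or suid. */
static int model_setuid(struct cred *c, uid u) {
    if (c->euid == 0) { c->ruid = c->euid = c->suid = u; return 0; }
    if (u == c->ruid || u == c->suid) { c->euid = u; return 0; }
    return -1;                         /* EPERM */
}

/* The signal permission rule quoted in the thread. */
static bool may_signal(struct cred s, struct cred r) {
    if (s.euid == 0) return true;      /* "appropriate privileges" (assumed: root) */
    return s.ruid == r.ruid || s.ruid == r.suid ||
           s.euid == r.ruid || s.euid == r.suid;
}

int main(void) {
    struct cred joe = {1000, 1000, 1000};   /* constructed sample user */
    struct cred prog = exec_setuid(joe, 0); /* set-user-ID root program */
    printf("caller may signal after exec:      %d\n", may_signal(joe, prog));
    model_setuid(&prog, 0);                 /* program sets real UID to 0 */
    printf("caller may signal after setuid(0): %d\n", may_signal(joe, prog));
    return 0;
}
```

In this model a set-user-ID program owned by a non-root user cannot change its real UID with `setuid()`, so its caller keeps the ability to signal it.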



