bug-hurd
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Defualt socket server overriding


From: Wei Shen
Subject: Re: Defualt socket server overriding
Date: Tue, 7 Aug 2007 10:20:38 +0800

Hi,
 
Thanks for your reply.
 
On 7/31/07, olafBuddenhagen@gmx.net <olafBuddenhagen@gmx.net> wrote:
> (1) Should we disable the overrding mechanism for SUID or SGID
> processes ( e.g. substituting *__secure_getenv* for *getenv*).

Good question actually. I've no idea :-(

In theory, the user should not be able to run a server that has more
authority than the standard server. I'm not sure however how much stuff
relies on the behaviour of the servers -- whether there are situation
where a server behaving differently than the default implementation
could cause a suid program to do something it normally wouldn't do...
 
I think it is dangerous anyway if an ordinary user can affect the behaviour of a privileged process through environment variables, especially that since the overriding takes place in Glibc, the suid program may be bind about this. Consider that, a suid program relys on the infromation (like network configuration in the case of socket servers) returned by a default server to make some security decisions ...
 
Regards,
 
Wei Shen

reply via email to

[Prev in Thread] Current Thread [Next in Thread]