[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: On trusting its parent process
From: |
Jonathan S. Shapiro |
Subject: |
Re: On trusting its parent process |
Date: |
Tue, 11 Oct 2005 13:25:01 -0400 |
On Tue, 2005-10-11 at 17:13 +0200, Marcus Brinkmann wrote:
> The important thing here is that the suid application receives all the
> important stuff from the filesystem it resides on, NOT from the user
> that is starting the application. So even if the user is chrooted,
> the suid application will escape the chroot and see the real
> /etc/passwd file, or /servers/passwd server, or whatever.
That is a very clever design. Congratulations. What you are doing here
is a special case of the more general design pattern that I am
advocating.
shap