From: John B. <bel...@cs...> - 2001-05-08 20:18:50
On Tuesday, May 8, 2001, at 01:12 PM, Ann W. Harrison wrote:

> At 11:17 AM 5/8/2001 -0700, John Bellardo wrote:
> ....
>> Now everyone can fully use gsec without a password.
>
> Yes...
>
>> Introduce this dpb option and the problem is solved. I'm sure there are
>> many other programs this may find a use for this, but gsec was my primary
>> motivation. I have updated my copy of gsec, and it works as advertised.
>
> OK, I think I follow - the doctored gsec is the only one installed with
> setuid, so no one can copy a gsec from elsewhere and just run it to get
> at whatever data you're protecting... It still bothers me.
>

Right, root is the only user who can install a setuid root program. So there is 1 trusted gsec (the setuid one installed by root). Any user can compile another version of gsec, but they can't make it setuid root. Likewise if a user tries to copy the executable the new copy loses the root permissions, so no problem there either.

It may seem odd at first, but it is very standard in *nix. Programs like "ps" are setuid root because they need to access special kernel memory to work. They act like trusted gatekeepers.

-John
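The ownership argument in the message above can be checked mechanically. The following is an added example, not part of the original message or of the Firebird sources: `is_trusted_setuid` and `demo_audit` are hypothetical helper names, the files are empty constructed stand-ins, and the demo uses the current uid as the trusted owner where a real host would use 0 (root).

```shell
#!/bin/sh
# Added example. On a real host the trusted owner is root (uid 0); the demo
# uses the current uid because an unprivileged run cannot create root-owned files.

# is_trusted_setuid PATH OWNER_UID
# True only if PATH is a regular file owned by OWNER_UID, has the setuid bit,
# and is not writable by group or other.
is_trusted_setuid() {
    [ -f "$1" ] || return 1
    [ -n "$(find "$1" -prune -type f -user "$2" -perm -4000 \
             ! -perm -020 ! -perm -002 -print 2>/dev/null)" ]
}

# Classify a set of constructed files and return the verdicts on one line.
demo_audit() {
    dir=$(mktemp -d) || return 1
    me=$(id -u)
    for f in installed no-setuid world-writable; do : > "$dir/$f"; done
    chmod 4755 "$dir/installed"       # setuid, only the owner can write
    chmod 0755 "$dir/no-setuid"       # e.g. a privately compiled build
    chmod 4777 "$dir/world-writable"  # setuid, but anyone could replace it
    out=""
    for f in installed no-setuid world-writable; do
        if is_trusted_setuid "$dir/$f" "$me"; then v=trusted; else v=untrusted; fi
        out="$out$f=$v "
    done
    # Same file judged against a different owner: models a copy that belongs
    # to whoever made it rather than to the trusted installer.
    if is_trusted_setuid "$dir/installed" "$((me + 1))"; then
        v=trusted
    else
        v=untrusted
    fi
    out="${out}wrong-owner=$v"
    rm -rf "$dir"
    printf '%s\n' "$out"
}

demo_audit
```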