I've got a patch that will disable setuid privileges except when
they're required to actually open files. The patch was written to
work under FreeBSD. I'd appreciate it if folks running Linux,
Solaris, and whatever else could give it a spin and help me make
the patch friendly to multiple operating systems. The kind of folks
who would help the most are those who use serial TNCs.
The patch has not been written to handle Linux kernel-mode AX.25
support. That will likely be written to handle capabilities,
something that was in one of the POSIX proposals but wasn't
included in the final revision. If FreeBSD had capabilities, I'd
have used them, but it doesn't.
Thanks for your help!
patch restricting setuid to required code
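The pattern described in the submission above, as an added example (not the patch under discussion, which is not shown on this page): drop the effective uid at startup and raise it only around the open() call. The names priv_init and priv_open are hypothetical, and /dev/null stands in for a serial device path.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* expose seteuid() under strict -std= modes */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

static uid_t priv_uid;  /* effective uid at exec: the file owner when installed setuid */
static uid_t real_uid;  /* uid of the invoking user */
static int priv_ready;  /* set once priv_init() has dropped privileges */

/* Call first in main(): remember the privileged uid, then run as the real user. */
int priv_init(void)
{
    priv_uid = geteuid();
    real_uid = getuid();
    if (seteuid(real_uid) != 0)
        return -1;
    priv_ready = 1;
    return 0;
}

/* Raise privileges only for the open() call, then drop them before returning. */
int priv_open(const char *path, int flags)
{
    int fd, saved_errno;

    if (!priv_ready) { errno = EPERM; return -1; }
    if (seteuid(priv_uid) != 0)
        return -1;
    fd = open(path, flags);
    saved_errno = errno;
    if (seteuid(real_uid) != 0 || geteuid() != real_uid)
        abort();  /* never continue with privileges still raised */
    errno = saved_errno;
    return fd;
}

int main(void)
{
    if (priv_init() != 0) { perror("priv_init"); return 1; }
    int fd = priv_open("/dev/null", O_RDWR);  /* stand-in for a serial device path */
    if (fd < 0) { perror("priv_open"); return 1; }
    printf("opened fd %d with euid %d\n", fd, (int)geteuid());
    close(fd);
    return 0;
}
```

Because the saved set-user-ID is retained, this narrows the code that runs privileged rather than dropping privileges permanently.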
Logged In: YES
user_id=448632
Tried it on Linux: Doesn't work with AX.25 kernel ports.
I'm looking at tweaking it for that now. I'll try it with a
serial port TNC on the laptop soon, and probably Solaris as
well.
Also: Please set up your editor to insert spaces instead of
tabs. That's one of our requirements for sources. I fixed
my downloaded version of your patch already.
Thanks for doing this, Jack, it's badly needed!
Logged In: YES
user_id=448632
Tweaked it slightly to work with AX.25 kernel mode
interfaces (Linux). More tweaking might be necessary for
other OSes, but your patch is now committed to CVS.
Thanks again, Jack!