Re: suid clarification
From: Barry Margolin (barmar_at_alum.mit.edu)
Date: 10/31/05
- Next message: puzzlecracker: "Re: suid clarification"
- Previous message: Barry Margolin: "Re: fdopen, sockets, stdio"
- In reply to: puzzlecracker: "suid clarification"
- Next in thread: puzzlecracker: "Re: suid clarification"
- Reply: puzzlecracker: "Re: suid clarification"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Mon, 31 Oct 2005 01:39:34 -0500
In article <1130641587.552562.88220@g14g2000cwa.googlegroups.com>,
"puzzlecracker" <ironsel2000@gmail.com> wrote:
> Here is my configuration:
>
> User A owns a program, let's call it printer that has suid bit set. It
> accepts a list of files from different users. For each such file, it
> should (if the file is readable by the actual user) and run a command,
> result of which should be written to a file only writable by user A.
>
> User B passes run a program owned A.
>
> What happens if the user A doesn't have any permissions for files readable
> by B, can it still run a command for the file is now accessed with
> effective permissions of A?
>
>
>
> Is it enough to chmod 644 output file (where the User's A program
> prints an output from the command) to prevent any security holes?
The program should use seteuid() to change to B, open the input file,
then use seteuid() to change back to A and write the output file.
--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
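
The seteuid() sequence from the reply above, as an added C example (not code from the thread). The helper names are hypothetical, and it assumes the binary is installed setuid to user A, so the saved set-user-ID allows switching back after dropping to B; copying the input stands in for "run a command".

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: open path read-only with the real (invoking) user's
 * permissions. Returns an fd, or -1 with errno set; euid is restored. */
int open_input_as_caller(const char *path)
{
    uid_t owner = geteuid();   /* user A when the binary is setuid A */
    uid_t caller = getuid();   /* user B, who ran the program */

    if (seteuid(caller) != 0)  /* switch to B; never ignore a failure */
        return -1;
    int fd = open(path, O_RDONLY);   /* kernel checks B's access here */
    int saved_errno = errno;
    if (seteuid(owner) != 0)   /* back to A via the saved set-user-ID */
        abort();               /* unknown privilege state: stop */
    errno = saved_errno;
    return fd;
}

/* Hypothetical helper: open the output file as the effective user (A). */
int open_output_as_owner(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_APPEND, 0644);
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s INPUT OUTPUT\n", argv[0]);
        return 2;
    }
    int in = open_input_as_caller(argv[1]);
    if (in < 0) { perror(argv[1]); return 1; }
    int out = open_output_as_owner(argv[2]);
    if (out < 0) { perror(argv[2]); return 1; }
    char buf[4096];
    ssize_t n;
    while ((n = read(in, buf, sizeof buf)) > 0)   /* stand-in for "run a command" */
        if (write(out, buf, (size_t)n) != n) { perror("write"); return 1; }
    return n < 0;
}
```

Because the access check happens inside open() while the effective uid is B, there is no separate access() test that could go stale before the file is opened.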