
Re: suid



On Thu, 12 Feb 1998, Peter L. Peres wrote:

>
>I don't know why this discussion exists. I am not an expert, but I know
>that suid anything is a very bad idea, including and especially shell
"Suid anything" - yes. But suid itself - no. Just use it only when you
can't do without it (least privilege principle).

>You will argue that an X server must be suid to be run by a user, and I'll
NOT here. There are wrappers and xdm.
>say yes, but he shall not be able to execute it. Want an X session ? The
>system provides one if logging in with the correct login for this. It's
>all in the setup habits.

>There are suid-less solutions for anything. A named pipe in the system,
Not quite. At least, not in a convenient way. At least sudo should be suid
;)
>where you can send commands authenticated by a password, is a way to allow
>users to do things in limited ways.
>
>Also, normal mortal users should not be able to run any kind of command
>with suid privileges, and certainly no suid scripts of any kind. 
What about ping? passwd? rewriting all this via pipes and stuff would be
painful...

>imho there should be a compiler flag that would be set automatically and
>prevent any kind of suid for any program not compiled by root, or a list
I don't get the idea... How does the compiler know that the program it compiles
is going to be suid-ed? Or why should I compile under root? Generally, the rule is "never
go root unless you must"... Just to be sure :)
>of programs allowed to suid in a database built into the kernel. 
Are you kidding? Is your kernel too small?
--
frodo@sharat.co.il	\/  There shall be counsels taken
Stanislav Malyshev	/\  Stronger than Morgul-spells
phone +972-2-5369213	/\  		JRRT LoTR.
http://www.sharat.co.il/frodo/   whois:SM719-RIPE@whois.ripe.net
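
The thread's two concrete ideas, a list of programs allowed to be suid and a ban on suid scripts, can be checked from user space without touching the kernel. The following is an added example, not part of the original messages: the function names, the allowlist contents and the sample tree are all constructed for illustration.

```python
import os
import stat
import tempfile

def is_script(path):
    """True if the file starts with a shebang, i.e. is run by an interpreter."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"#!"
    except OSError:
        return False

def audit_setuid(root, allowlist):
    """Walk root and return sorted (path, reason) findings for suid/sgid files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)          # lstat: do not follow symlinks
            except OSError:
                continue                     # vanished or unreadable
            if not stat.S_ISREG(st.st_mode):
                continue                     # only regular files matter here
            if not st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                continue
            if is_script(path):
                findings.append((path, "suid script"))
            elif path not in allowlist:
                findings.append((path, "not on allowlist"))
            elif st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((path, "allowlisted but writable by group/other"))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample: four suid files and one ordinary file."""
    root = tempfile.mkdtemp(prefix="suid-audit-")
    samples = {"ping": (b"\x7fELF", 0o4755), "passwd": (b"\x7fELF", 0o4775),
               "backup.sh": (b"#!/bin/sh\n", 0o4755),
               "game": (b"\x7fELF", 0o4755), "ls": (b"\x7fELF", 0o755)}
    for name, (content, mode) in samples.items():
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(content)
        os.chmod(path, mode)                 # set mode after writing
    return root

if __name__ == "__main__":
    root = build_sample_tree()
    allow = {os.path.join(root, n) for n in ("ping", "passwd")}
    for path, reason in audit_setuid(root, allow):
        print(f"{reason}: {path}")
```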