Hello,
almost nobody answered to my mail once again. But I really want to know,
if our patch is something you like, or not!
And what about POSIX compliance? Do you think that it is good to modify
the behaviour of setuid() as I did? Please look at the patch:
ftp://ftp.v-lo.krakow.pl/pub/linux/patches/
For these who don't have enough time to download it, I put here part of
documentation, where it is mentioned how I modified setuid()...
WHAT'S GOING ON WITH setuid(2) AND setgid(2)?
This patch modifies the behaviour of these syscalls. Normal setuid(2)
drops all his priviledges if it was called by root, but doesn't if it
was called by normal user. Yes, it's because of POSIX.
But now let's see at zgv. It is written as if it was suid-root. So it
calls ioperm and then calls setuid to drop all his root priviledges.
But now, if we make zgv suid to 'svga' user. Our uid is other than 0,
so setuid won't change 'saved uid' and thus user will be able to setuid
to 'svga' user back! Let's suppose we didn't turn 'access only to graphics
card' option on. Now user has access to every device in the system!
So I changed it. Now every setuid drops all previous user's priviledges
and doesn't let setuid back. It's safe. It's logical. But it's not
compatible with POSIX. What a shame...
Regards,
-- Michal Kosek & Eryk SchillerYou should pay homage to my homepage http://www.v-lo.krakow.pl/klasa4e/dziady3.html (For Polish Linux lovers - rest won't understand...;)
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Jun 07 2000 - 21:00:28 EST