Re: Implementing a dynamic root id

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Marty Leisner: "Multiple scsi adapters, naming disks on scsi"
• Previous message: Malcolm Beattie: "Re: modutils (Re: cipe 1.2.0 & kernel 2.2.x)"
• Next in thread: Y2K: "Re: modutils (Re: cipe 1.2.0 & kernel 2.2.x)"
• Reply: Y2K: "Re: modutils (Re: cipe 1.2.0 & kernel 2.2.x)"
• Reply: Richard Gooch: "Re: modutils (Re: cipe 1.2.0 & kernel 2.2.x)"

> We thought of an simple scheme to counter this. We could dynamicly
> alocate the root ID. Meaning that somewhere in /proc, there is a file
> awating to be edited and that could change the root ID (and all of the
> processes that run whith this uid) from 0 to whatever I want, anytime,
> without rebooting my system. I understand that this would imply making
> some system calls lie about the actual ID's of the real root user, his
> processes and owned files.
Not only that, it would imply patching almost any security relevant Unix
software (sendmail, httpd, etc.) which check their uid to see if they have
magic root permissions. So everywhere you would need to replace
if(getuid()==0) with much more complicated code.

Andreas

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Marty Leisner: "Multiple scsi adapters, naming disks on scsi"
• Previous message: Malcolm Beattie: "Re: modutils (Re: cipe 1.2.0 & kernel 2.2.x)"
• Next in thread: Y2K: "Re: modutils (Re: cipe 1.2.0 & kernel 2.2.x)"
• Reply: Y2K: "Re: modutils (Re: cipe 1.2.0 & kernel 2.2.x)"
• Reply: Richard Gooch: "Re: modutils (Re: cipe 1.2.0 & kernel 2.2.x)"