Peter Williams <pwil3058@xxxxxxxxxxxxxx> writes:
If you have the source code for the programs then they could be
modified to drop the root euid after they've changed policy. Or
even do the
Paul Davis wrote:
This is insufficient, since they need to be able to drop RT
scheduling and then reacquire it again later.
I believe that there are mechanisms that allow this. The setuid man
page states that a process with a non-root real uid but setuid as root
can use the seteuid call to use the _POSIX_SAVED_IDS mechanism to
drop and regain root privileges as required.
Which every system cracker knows. Any attack on such a program is
going to re-acquire root privileges and take over the system.
Temporarily dropping privileges gains no security whatsoever. It is
nothing more than a coding convenience.
The program remains *inside*
the system security perimeter.
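An added example (not code from anyone in this thread) that shows the two mechanisms being discussed side by side: the seteuid() "temporary drop" that leaves root in the saved set-user-ID, so it can be regained, and a setresuid() drop of all three ids, which cannot be undone. It assumes Linux with glibc (for getresuid/setresuid); the uid 65534 is a placeholder target for a run as root.

```c
#define _GNU_SOURCE              /* getresuid()/setresuid() on Linux/glibc */
#include <errno.h>
#include <stdio.h>
#include <unistd.h>

/* 1 if euid 0 is still reachable: any of real, effective or saved uid being
 * 0 lets a later seteuid(0) succeed. Returns -1 on error. */
int root_reachable(void)
{
    uid_t r, e, s;
    if (getresuid(&r, &e, &s) != 0)
        return -1;
    return (r == 0 || e == 0 || s == 0) ? 1 : 0;
}

/* The _POSIX_SAVED_IDS "temporary drop": seteuid() changes only the effective
 * uid; the saved set-user-ID still holds 0, so the process, or whoever controls
 * it, can call seteuid(0) again. Returns root_reachable() after the drop. */
int drop_temporarily(uid_t target)
{
    if (seteuid(target) != 0)
        return -1;
    return root_reachable();
}

/* Irreversible drop: setresuid() rewrites real, effective AND saved uid, so no
 * privileged id is left to return to. Returns 1 when a subsequent seteuid(0)
 * is refused with EPERM, 0 if root was regained, -1 on error. */
int drop_permanently(uid_t target)
{
    if (setresuid(target, target, target) != 0)
        return -1;
    if (root_reachable() != 0)
        return 0;
    errno = 0;
    if (seteuid(0) == 0)
        return 0;                /* regained root: the drop was not permanent */
    return errno == EPERM ? 1 : 0;
}

int main(void)
{
    uid_t target = getuid() ? getuid() : 65534;  /* 65534: placeholder uid when root */
    printf("start: root reachable = %d\n", root_reachable());
    printf("after seteuid(): root reachable = %d\n", drop_temporarily(target));
    printf("seteuid(0) back: %s\n", seteuid(0) == 0 ? "succeeded" : "failed");
    printf("after setresuid(): seteuid(0) refused = %d\n", drop_permanently(target));
    return 0;
}
```

A program that must regain its privileges later, as Paul's requirement demands, cannot use the second form; that is exactly the tension the reply above points at.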