[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
  Web www.spinics.net

Re: [PATCH] pam_exec questions and possible patch

> setuid(geteuid()) seems an obvious no-op to me (unless the calling
> application happens to have euid of root, and in that case it's the
> real user id that's being set, to root) and a test application I wrote
> seems to confirm this.

Your own argumentation above shows you that it is no no-op. Look at
your own example, something changes, which is important if you call
executeables after fork() or with exec*().


The _only_ reason anything changes in my example is because the euid
of the calling process happens to be root and the setuid function has
special behaviour in that case.  Setting the real user id is
practically pointless though as all security checks are made against
the euid.

I am thinking about making the run_as_user option set both real and
effective user ids more explicity.

I think one problem we might be having is that you intend seteuid to
give the exec'ed program more permissions than it would normally get,
and I'm intending the exec'ed program to have fewer permissions than
it would normally get.  I still don't think that the seteuid works the
way you intend it to though.

Pam-list mailing list

[Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

Add to Google Powered by Linux