Subject: Re: File names and security...
To: None <>
From: Andrew Brown <>
List: current-users
Date: 06/08/1997 13:54:32
>What if there were a sysctl that would do something like the following
>for every non-set-user-id exec():
>	if (!exec_with_priv_ok && (geteuid() == 0 || getuid() != geteuid())) {
>		if (getuid() != 0)
>			setuid(getuid());
>		else
>			setuid(UID_NOBODY);
>	}
>The exec_with_priv_ok flag would be a new extension to the exec() family
>for use by setguid programs that wish to pass on their privileges to a
>child process.  It could in fact be the value of the new sysctl flag by

while i can appreciate what you're trying to do, your sample code
would (if i understand it) a) require the UID_NOBODY value to be
compiled into the kernel and b) would not work for the situation where
"exec_with_priv_ok" was unset and uid==euid==0.  this would end up
calling setuid(NOBODY).

rather than add yet another layer of "obscurity" and require changing
many programs, why don't "we" just "fix" the programs?

|-----< "CODE WARRIOR" >-----| (TheMan)
* "ah!  i see you have the internet that goes *ping*!"
* "information is power -- share the wealth."
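
An added example, not part of the original message or of any NetBSD code: one form a program-side fix could take, assuming the program is set-id and wants its child to run without the inherited privilege. The function names `drop_privileges` and `run_unprivileged` are hypothetical; note that the uid==euid==0 case discussed above is left alone rather than demoted.

```c
#define _DEFAULT_SOURCE          /* exposes setgroups() on glibc */
#include <grp.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently give up set-id privilege; 0 on success, -1 means abort. */
int drop_privileges(void)
{
    uid_t ruid = getuid(), euid = geteuid();
    gid_t rgid = getgid(), egid = getegid();

    /* uid==euid (including uid==euid==0): nothing was gained through a
     * set-id bit, so nothing is dropped and root is not demoted. */
    if (ruid == euid && rgid == egid)
        return 0;
    /* Supplementary groups can only be reset while still root. */
    if (euid == 0 && setgroups(1, &rgid) != 0)
        return -1;
    /* Group before user: once the uid is gone, setgid() may be refused. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    /* Try to take the old ids back; success means a saved id survived. */
    if (ruid != 0 && euid != ruid && setuid(euid) == 0)
        return -1;
    if (ruid != 0 && egid != rgid && setgid(egid) == 0)
        return -1;
    return 0;
}

/* Fork, drop in the child, exec; returns the child's exit status or -1. */
int run_unprivileged(const char *path, char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_privileges() != 0)
            _exit(126);          /* never exec while still privileged */
        execv(path, argv);
        _exit(127);              /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

A -1 from `drop_privileges` can mean the old ids were regained during the check, so the caller must exit rather than continue.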