Subject: Re: execvee security
To: None <tech-kern@NetBSD.ORG>
From: der Mouse <mouse@Collatz.McRCIM.McGill.EDU>
List: tech-kern
Date: 11/21/1995 12:07:40

> As execvee's purpose is to wrap binaries, it should be rather
> transparent.  This means if execve runs a wrapper which execvees a
> binary, it should look like we did an execve directly on the binary,
> apart from emul-assoc specification and option passing.  One area
> that this would not be true if we were not careful would be in the
> area of saved-ids.  In order to make this transparent execvee should
> not set the saved-ids at all, the execve that started the wrapper
> already took care of that.

How about making one of the options to execvee be something that
suppresses all ID fiddling, which will (a) disable setuid and setgid
bits on the wrapped binary and (b) not touch the saved IDs?  Then
wrapper uses of execvee just use that; other uses get what they expect.

					der Mouse

			    mouse@collatz.mcrcim.mcgill.edu
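
An added example, not part of the original message and not NetBSD code: a user-space C model of the option proposed above, shown next to the conventional exec rule (honour the set-user-ID bit, then copy the effective uid into the saved uid). The flag name XV_KEEPIDS, the struct names and the uid values are assumptions made for the illustration.

```c
#include <stdio.h>
#include <sys/types.h>

/* User credentials that exec can change (group IDs follow the same pattern). */
struct cred { uid_t ruid, euid, svuid; };

/* The attributes of the executed file that matter here. */
struct image { uid_t owner; int setuid_bit; };

/* Hypothetical name for the proposed "suppress all ID fiddling" option. */
#define XV_KEEPIDS 0x1

/*
 * Model of exec-time credential handling, not kernel code.
 * Without the option: honour the set-user-ID bit, then copy the
 * effective uid into the saved uid (the conventional exec rule).
 * With the option: (a) ignore the set-user-ID bit, (b) leave the
 * saved uid alone, so the credentials pass through unchanged.
 */
static struct cred exec_creds(struct cred c, struct image img, int flags)
{
    if (flags & XV_KEEPIDS)
        return c;
    if (img.setuid_bit)
        c.euid = img.owner;
    c.svuid = c.euid;
    return c;
}

static void show(const char *what, struct cred c)
{
    printf("%-22s ruid=%lu euid=%lu svuid=%lu\n", what, (unsigned long)c.ruid,
           (unsigned long)c.euid, (unsigned long)c.svuid);
}

int main(void)
{
    /* Constructed state: a wrapper whose saved uid (50) differs from its euid. */
    struct cred wrapper = { 1000, 1000, 50 };
    struct image plain  = { 1000, 0 };   /* ordinary binary */
    struct image suid0  = { 0, 1 };      /* set-user-ID root binary */

    show("wrapper before exec", wrapper);
    show("plain, default", exec_creds(wrapper, plain, 0));
    show("plain, XV_KEEPIDS", exec_creds(wrapper, plain, XV_KEEPIDS));
    show("setuid, default", exec_creds(wrapper, suid0, 0));
    show("setuid, XV_KEEPIDS", exec_creds(wrapper, suid0, XV_KEEPIDS));
    return 0;
}
```

In the model, the saved uid 50 survives only the XV_KEEPIDS calls, and the set-user-ID root image changes the effective uid only in the default call.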