Subject: Re: commoning up code that changes uids and gids
To: David Laight <firstname.lastname@example.org>
From: Greg A. Woods <email@example.com>
Date: 03/05/2003 04:19:54
[ On Wednesday, March 5, 2003 at 01:37:12 (+0000), David Laight wrote: ]
> Subject: Re: commoning up code that changes uids and gids
> > It is never ever safe to allow a process to return to a raised level of
> > privilege after it has been running at a lower level of privilege.
> It is safe to drop privilege in order to do certain actions.
> Even C3 security allows that.
Yes, of course, but it's never safe in a system using the unix security
model to raise privileges again in the same process. It never has been
and it never will be, and there have been several very wide-spread and
serious security bugs in various system to remind you of this fact too.
Greg A. Woods
+1 416 218-0098; <firstname.lastname@example.org>; <email@example.com>
Planix, Inc. <firstname.lastname@example.org>; VE3TCP; Secrets of the Weird <email@example.com>