Subject: Re: $HOSTALIASES thing.
To: Thor Lancelot Simon <tls@mail.netbsd.org>
From: Simon Gerraty <sjg@juniper.net>
List: tech-kern
Date: 11/03/2000 15:42:03

On Fri, 03 Nov 2000 10:58:41 PST, Thor Lancelot Simon wrote:
>A nice mechanism is to have programs that used to be setuid become setgid;
>they can then exec tiny setuid programs that are executable only by the
>appropriate group, which can then pass them back the descriptors they need.
>This technique is simple, elegant, and has the benefit that it completely
>isolates all code that runs with root privileges, so it's much easier to
>verify.

Yep.  I've used a simple set-uid tool which does binding of reserved
sockets this way.  An ftp proxy for instance calls bind_port() which
does the binding directly if possible, otherwise invokes the set-uid
tool to do it.  The library call and tool are both compiled from the
same .c file - so it's easy to be sure they do things the same way.

>Note that I've moved this discussion to tech-security/tech-kern as it
>seems more appropriate there.

My subscriptions to those lists are still directed at a machine which
is down (has been for months) so pls cc me if you want response.

--sjg
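
A sketch of the pattern discussed in this message, added here as an example and not the code of either poster: bind directly when possible, otherwise let a helper process do the bind and hand the descriptor back over a Unix socket with SCM_RIGHTS. Assumptions: `bind_direct`, `xfer_fd` and `bind_via_helper` are hypothetical names, this `bind_port` is only one possible shape for the function named above, a forked child stands in for exec'ing the group-restricted set-uid tool, and binding is to the loopback address.

```c
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

static int bind_direct(unsigned short port) {   /* loopback TCP bind; fd or -1 */
    struct sockaddr_in sa = {0};
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons(port);
    if (fd >= 0 && bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0) { close(fd); fd = -1; }
    return fd;
}
/* SCM_RIGHTS over a Unix socket: send fd when fd >= 0, otherwise receive one. */
static int xfer_fd(int chan, int fd) {
    union { struct cmsghdr align; char buf[CMSG_SPACE(sizeof(int))]; } u = {0};
    char byte = 0;
    struct iovec iov = { &byte, 1 };
    struct msghdr m = { .msg_iov = &iov, .msg_iovlen = 1,
                        .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    if (fd >= 0) {
        c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
        c->cmsg_len = CMSG_LEN(sizeof fd);
        memcpy(CMSG_DATA(c), &fd, sizeof fd);
        return sendmsg(chan, &m, 0) == 1 ? 0 : -1;
    }
    if (recvmsg(chan, &m, 0) != 1 || !(c = CMSG_FIRSTHDR(&m))) return -1;
    if (c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}
/* Fallback path: the child stands in for the set-uid tool (assumption). */
int bind_via_helper(unsigned short port) {
    int sp[2], fd = -1;
    pid_t pid;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0) return -1;
    if ((pid = fork()) == 0)   /* child: the only code that would run privileged */
        _exit((fd = bind_direct(port)) >= 0 && xfer_fd(sp[1], fd) == 0 ? 0 : 1);
    close(sp[1]);              /* so a helper that dies unsent reads as EOF */
    if (pid > 0) { fd = xfer_fd(sp[0], -1); waitpid(pid, NULL, 0); }
    close(sp[0]);
    return fd;
}

int bind_port(unsigned short port) {
    int fd = bind_direct(port);
    return fd >= 0 ? fd : bind_via_helper(port);
}
```

Because the helper and the direct path share `bind_direct`, both bind the same way, which is the property the message attributes to compiling the library call and the tool from one source file.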