tech-userlevel: Re: proposed: /usr/src/usr.bin/tcfs/*, needs gdbm, some SUID programs

Subject: Re: proposed: /usr/src/usr.bin/tcfs/*, needs gdbm, some SUID programs
To: David Young <dyoung@pobox.com>
From: VaX#n8 <vax@carolina.rr.com>
List: tech-userlevel
Date: 08/20/2004 18:31:41

In message <20040820021634.GW27477@che.ojctech.com>, David Young writes:
>What do the suid programs do?  Why do they need to be suid at all?

Cursory analysis:

It appears the SUID programs need root to perform:

mount("tcfs",filesystem,MNT_UPDATE,(void*)arg);

This appears to be how TCFS pushes keys into the kernel for
use in decrypting files.

In fact, that's virtually all the SUID programs do.
They're pretty minimal - 187 lines of code, including comments.

It would be pretty trivial to make all these programs sub-commands
of the same program, so that there's only one SUID bin to worry about.