[Linux-disciples] Setuid/setgid
Stephen R Laniel
steve at laniels.org
Sat Nov 19 23:49:19 EST 2005
On Sat, Nov 19, 2005 at 11:39:43PM -0500, Dylan Thurston wrote:
> You have to be very careful about what other files that user can write
> to. For instance, if you have two programs that are setuid 'nobody',
> then one could potentially compromise the other. There were several
> security bugs involving programs that were setuid 'games', for
> instance.
Right. I'm definitely aware of that; I actually find it
ironic that user 'nobody' often owns a lot of files for a
lot of programs. I prefer to run setuid/setgid with a
daemon-specific user (one user per blog, one for bind,
etc.). I can't imagine that's the sort of setuid/setgid use
they were warning about.
--
Stephen R. Laniel
steve at laniels.org
+(617) 308-5571
http://laniels.org/
PGP key: http://laniels.org/slaniel.key
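An added example, not part of the original message: a small audit that lists non-root user or group IDs that more than one setuid/setgid program runs as, which is the sharing the thread warns about. The sample paths and numeric IDs are constructed, and ignoring root by default is an assumption of this sketch.

```python
import os
import stat
import sys
from collections import defaultdict

def scan(root):
    """Yield (path, mode, uid, gid) for setuid/setgid regular files under root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                yield path, st.st_mode, st.st_uid, st.st_gid

def shared_identities(entries, ignore_root=True):
    """Return {("uid"|"gid", id): [paths]} for IDs that two or more programs run as."""
    groups = defaultdict(list)
    for path, mode, uid, gid in entries:
        # A setuid program runs as the file's owner, a setgid one as its group.
        if mode & stat.S_ISUID and not (ignore_root and uid == 0):
            groups[("uid", uid)].append(path)
        if mode & stat.S_ISGID and not (ignore_root and gid == 0):
            groups[("gid", gid)].append(path)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}

# Constructed sample entries (paths and numeric IDs are made up for illustration).
SAMPLE = [
    ("/usr/local/bin/blogd", 0o104755, 65534, 65534),   # setuid, uid 65534
    ("/usr/local/bin/statsd", 0o104755, 65534, 65534),  # setuid, same uid
    ("/usr/games/score-a", 0o102755, 0, 60),            # setgid, gid 60
    ("/usr/games/score-b", 0o102755, 0, 60),            # setgid, same gid
    ("/usr/sbin/named-wrap", 0o104755, 101, 101),       # setuid, its own uid
    ("/usr/bin/passwd", 0o104755, 0, 0),                # setuid root, ignored
]

if __name__ == "__main__":
    # With a directory argument, scan it; otherwise use the constructed sample.
    entries = scan(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for (kind, ident), paths in sorted(shared_identities(entries).items()):
        print(f"{kind} {ident} is shared by: {', '.join(paths)}")
```

A program with its own dedicated user, like the constructed `named-wrap` entry, does not appear in the output.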