OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: open_as vs fuid
From: Andrew Brown (atatatatatdot.net)
Date: Sun Nov 05 2000 - 23:06:06 CST


> Has ANYONE in this thread considered that we already have a possibly more
> secure mechanism for this, that could be combined simultaneously with
> authentication for use by a non-suid program?
>
> See unix(4) and its description of passing fd's via a "cmsghdr".
>
>how does this fix ping & traceroute as they currently stand?

they could be changed to do this:

int
main(int argc, char *argv[])
{
        /* various declarations */
        int p[2];
        pipe(p);
        switch (fork()) {
        case -1: err(1, "fork");
        case 0: close(p[1]); suid_function(); exit(0);
        default: close(p[0]); setuid(getuid()); break;
        }
...

and then it could repeatedly ask for the sockets that it needs,
without you having to audit anything except suid_function().

-- 
|-----< "CODE WARRIOR" >-----|
codewarriordaemon.org             * "ah!  i see you have the internet
twofsonetgraffiti.com (Andrew Brown)                that goes *ping*!"
andrewcrossbar.com       * "information is power -- share the wealth."