Re: Problem running a setuid Perl script on CentOS 4.5

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



> Good suggestions.  Also keep in mind that you don't always suid to
> root.  You can also suid to another user (which seems to be the case
> here).
Sure.  Just like login does.

Actually, want I would really like to see is the ability to mark
certain sections of code to be ran as another user, but to do this
marking at build time rather than using a elevation and de-elevation
algorithm.  This avoids the problem of someone being able to in
non-elevated mode call elevate, as the code was immutabley marked at
build time to run at whatever privilige level it was set too.

This is not UNIX's current model, and it might just be a half-brained
idea, but it seems to me it would get past the major weaknesses of
setuid programs.

Cheers...james
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux