Re: [PATCH] (for 2.3.99pre6) audit_ids system calls

From: Steve Dodd (
Date: Wed May 03 2000 - 14:54:29 EST

On Tue, May 02, 2000 at 03:02:06PM -0700, Linda Walsh wrote:

> It is fairly trivial to write a suid program that somehow gives one a
> shell as another password -- no
> login or 'su' or password required. In fact I may *want* something like
> sendmail to run as my userid when it runs my mail filter, but that doesn't
> mean it really is ME running the the program -- it was run by a deamon.
> Same thing with an "suid" program. It could change my real and effective to
> something else. That doesn't mean I authenticated as that person.

So don't permit anything other than login to have CAP_SETRUID or some such.
sendmail should surely only ever need to set the *effective* uid to e.g. "law",
as long as it removes a CAP_SETEUID before running the filter.

In practice, it may be that the luid stuff may be the only way to avoid
rewriting lots of bits of userspace, and reprogr^Wre-educating lots of

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
Please read the FAQ at

This archive was generated by hypermail 2b29 : Sun May 07 2000 - 21:00:13 EST