DragonFly kernel List (threaded) for 2008-02
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
Re: dma user config
| From: | Matthew Dillon <dillon@xxxxxxxxxxxxxxxxxxxx> |
| Date: | Sun, 3 Feb 2008 13:50:34 -0800 (PST) |
:Running a setuid root binary or having root starting a setuid process=20
:doesn't make much of a difference, no?
:
:cheers
: simon
Huge difference. A suid-root binary is run by a user, in a context
provided by the user. e.g. environment variables, current directory,
resource limits, and other things. It's a huge security hole.
A root process run by another root process is run in a context
controlled by that other root process and not the user.
It is much, much safer to start as root and drop privileages in a
controlled environment then it is to start as a user and increase
privileages by exec'ing a suid-root binary.
-Matt
- References:
- dma user config
- From: "Simon 'corecode' Schubert" <corecode@fs.ei.tum.de>
- Re: dma user config
- From: Matthias Schmidt <matthias@dragonflybsd.org>
- Re: dma user config
- From: Matthias Schmidt <matthias@dragonflybsd.org>
- Re: dma user config
- From: Matthew Dillon <dillon@apollo.backplane.com>
- Re: dma user config
- From: "Simon 'corecode' Schubert" <corecode@fs.ei.tum.de>
- Re: dma user config
- From: Matthew Dillon <dillon@apollo.backplane.com>
- Re: dma user config
- From: "Simon 'corecode' Schubert" <corecode@fs.ei.tum.de>
- dma user config
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]