Re: How to exec a subtool as root

FROM : Sven A. Schmidt
DATE : Tue Jan 21 23:53:27 2003

On Montag, Januar 20, 2003, at 08:13  Uhr, ryan wrote:

> Hello,
>
> I have been thinking about the security model in Mac OS X and how to
> use the
> security framework to execute privileged commands.
>
> The documentation states that the use of
> 'AuthorizationExecuteWithPrivileges' should be limited to having a
> small
> tool self-exec to cause it to become setuid root.  After that point
> anytime
> someone calls that small tool it runs as user root.  This seems like a
> fairly big security hole to me.  Once you set a small tool setuid
> root, then
> someone could run it and do a buffer overflow, or some such naughty
> thing,
> and gain root access potentially.


Ryan,

I'm not sure if I can follow you on everything you're saying, but I
think there's a misunderstanding here: Even if you setuid(0) in a tool,
unless you are the super user calling that tool (or get super user
privileges by way of sudo), it will not be promoted to real and
effective uid 0.

From the setuid manpage:

DESCRIPTION
      The setuid() function sets the real and effective user IDs and the
saved
      set-user-ID of the current process to the specified value.  The
setuid()
      function is permitted if the effective user ID is that of the
super user,
      or if the specified user ID is the same as the effective user ID. 
If
      not, but the specified user ID is the same as the real user ID,
setuid()
      will set the effective user ID to the real user ID.

I might be missing your point completely, though...

Sven
_______________________________________________
cocoa-dev mailing list | <email_removed>
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.