Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!lll-lcc!styx!ames!ucbcad!ucbvax!hplabs!hp-sdd!ucsdhub!sdcsvax!hutch
From: hutch@sdcsvax.UCSD.EDU (Jim Hutchison)
Newsgroups: comp.unix.wizards
Subject: Re: System V job control idea
Message-ID: <3077@sdcsvax.UCSD.EDU>
Date: Sun, 3-May-87 16:36:42 EDT
Article-I.D.: sdcsvax.3077
Posted: Sun May 3 16:36:42 1987
Date-Received: Sun, 3-May-87 23:43:26 EDT
References: <337@tdi2.UUCP> <7987@utzoo.UUCP>
Reply-To: hutch@sdcsvax.UCSD.EDU (Jim Hutchison)
Organization: UCSD EMU Project (Educational Microcomputer Unix)
Lines: 32

In article <7987@utzoo.UUCP> henry@utzoo.UUCP (Henry Spencer) writes:
>> Aside from the inhibition of setuid (which should be reconsidered for this
>> application, maybe; what kind of ``fraud'' is it designed to prevent?)...
>The obvious kind: modifying the code of a setuid program.

Adb! No wonder sysV does not come with it, it's a security hole! :-)

>Note that being able to suspend a setuid program is in itself a security
>defect (the program may be in the middle of updating a database, may have
>things locked, etc.), so being unable to run setuid programs in such a
>setup isn't necessarily a flaw.

On the other hand, setuid programs which allow you to suspend themselves
during a crucial period are already flawed. If it is important to do
something without getting interrupted by something of a lesser nature,
kerneloids put in an spl() of the appropriate level. In setuid programs
you put in a signal handler which says "Just a minute, I'm in the
bathroom.", or some such, in order to not get caught with your shorts
down. :-)

Agreed, modifying the external environment does change the environment in
which the programs were originally targeted for, and thus makes this an
unfair request. :-( The creature you see as a flaw is not really in the
ability to suspend a setuid program, just doing it at a bad time (ignoring
adb & c.).

To nail it down, you can "suspend" an su'd shell, you aren't proposing
rm'ing that, are you? Of course not.

--
Jim Hutchison   UUCP: {dcdwest,ucbvax}!sdcsvax!hutch
                ARPA: Hutch@sdcsvax.ucsd.edu
Disklame'r: One greater than the greatest signature representable with 184 symbols.
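
Added example, not part of the original post: a sketch of the "just a minute" signal handler the post describes, deferring a terminal suspend until a critical update has finished. It assumes the modern POSIX sigaction() interface; run_critical(), note_stop() and the demo update are hypothetical names constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>

static volatile sig_atomic_t stop_deferred; /* a ^Z arrived mid-update */

/* "Just a minute": remember the request instead of stopping. */
static void note_stop(int sig) { (void)sig; stop_deferred = 1; }

/* Run work() with terminal suspend (SIGTSTP) deferred. Afterwards the old
 * disposition is restored and, if honor is set, the deferred stop is
 * delivered. Returns 1 if a stop was requested meanwhile, 0 if not, -1 on
 * error. SIGSTOP cannot be caught, so it is outside what this can defer. */
int run_critical(void (*work)(void), int honor)
{
    struct sigaction hold, old;

    hold.sa_handler = note_stop;
    sigemptyset(&hold.sa_mask);
    hold.sa_flags = SA_RESTART;     /* don't fail I/O inside work() with EINTR */
    stop_deferred = 0;
    if (sigaction(SIGTSTP, &hold, &old) != 0)
        return -1;
    work();                         /* locks are taken and released in here */
    sigaction(SIGTSTP, &old, NULL);
    if (stop_deferred && honor)
        raise(SIGTSTP);             /* now it is safe to be suspended */
    return stop_deferred;
}

/* Constructed demo: a two-step update with a ^Z landing between the steps. */
static int steps_done, demo_send_stop = 1;
static void demo_update(void)
{
    steps_done = 1;                 /* lock held, record half-written */
    if (demo_send_stop)
        raise(SIGTSTP);             /* simulated ^Z from the terminal */
    steps_done = 2;                 /* record complete, lock released */
}

int main(void)
{
    int deferred = run_critical(demo_update, 0);
    printf("steps=%d deferred=%d\n", steps_done, deferred);
    return 0;
}
```

Passing honor as 1 makes the process actually stop once the update is complete, which is the behaviour a job-control shell user would expect.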