[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

setgid binaries



Hi,

I've been thinking about group membership and the corresponding (weak)
restrictions to system resources. Consider the following:

    % cat > gsh.c

	main()
	{
	    system("/bin/sh");
	}

    % cc -o gsh gsh.c
    % id
    uid=100(joe) gid=500(users) groups=14(floppy),15(sound)
    % chgrp sound gsh
    % chmod g+s gsh
    % mail abuser
    Subject: You owe me $5...
    Hi ab!
    So the sysadmin stopped you using the sound card did he? Well
    if you will give me the money you promised, I'll solve that!
    .

The beauty of this is that once 'joe' has made this program he will always
have access to the sound card.. Even if the administrator tries to remove
him from the group too...

My problem with this is that the sys-admin is powerless to control the
allocation of groups on his system since the individual users have freedom
to share membership in this way. Is there a legitimate reason why users can
set programs to be setgid?

I'd like to hear people's comments.. Thanks.

[REW: There is NOTHING you can do to prevent people giving away the
access they have themselves. They can give their password away, and 
for example the above trick can be used to give just their group access
away....]


Andrew

-- 
        Linux-PAM: http://parc.power.net/morgan/Linux-PAM/index.html
          libpwdb: http://parc.power.net/morgan/libpwdb/index.html



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]