making fingerd non-root
Casper H.S. Dik
dik at uva.UUCP
Thu Jan 5 15:13:40 AEST 1989
mcgrew at topaz.rutgers.edu (Charles) writes:
>Concerning setuid-ing fingerd to make it not run as root, can anyone think
>of a reason of not setuid-ing finger to 'who'? That seems to be a fairly
>inoffensive uid...
>
>Charles
Making fingerd setuid to some 'innocent' user won't help.
The man page for execve states: If a program is setuid to a non-super-user,
but is executed when the real uid is 'root', then the program has the
powers of a super-user as well.
If you want fingerd to run as an unprivileged process, add a line
setuid(some-uid); to the source.
Casper Dik.
Casper H.S. Dik
University of Amsterdam | dik at uva.uucp
The Netherlands | ...!uunet!mcvax!uva!dik
[[ C'mon people, this really is a non-problem. The official "worm-killer"
patch distributed by Sun (and available in the Sun-Spots archives) has the
entire source to fingerd in it. The entire, recompilable, C source code.
So go stick a line in the source that does a setuid(X) for some value X.
--wnl ]]
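
The setuid() call suggested above, as an added example (not part of the original post and not taken from Sun's fingerd source). It goes a little further than the single call in the post: it also drops group privileges and checks that root cannot be regained. The function name drop_privileges and the uid/gid 65534 are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE   /* expose setgroups()/seteuid() on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Permanently switch to an unprivileged uid/gid (hypothetical helper).
 * Returns 0 on success, -1 on failure; the caller must exit on failure
 * rather than carry on serving requests with root's powers.
 */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) {        /* "dropping" to root is a config error */
        errno = EINVAL;
        return -1;
    }
    /* Groups first: once the uid is changed we may no longer alter them. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;                     /* could not clear supplementary groups */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)              /* called as root: sets real, effective, saved uid */
        return -1;
    /* The drop must be irreversible: regaining uid 0 has to fail. */
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

int main(void)
{
    /* 65534 is a placeholder id (assumption); use a dedicated account. */
    if (drop_privileges(65534, 65534) != 0) {
        perror("drop_privileges");
        return 1;                      /* never continue as root */
    }
    /* ... read the request and answer it here, now unprivileged ... */
    return 0;
}
```

The call belongs at the very start of the daemon, before any network input is read.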