double setuid programs
utzoo!decvax!ucbvax!unix-wizards
utzoo!decvax!ucbvax!unix-wizards
Thu Oct 15 22:50:44 AEST 1981
>From Lepreau at UTAH-20 Thu Oct 15 21:06:16 1981
I think that a more elegant solution, which would also have other
benefits, would be the addition of the system calls xchuid() and
xchgid()-- exchange real and effective id's. Eric Scott proposed this
some time ago as a means of "temporarily disabling ones privileges,"
and would also solve your mkdir problem. Looked at slightly
differently, it might also be useful by setuid programs which wanted
to only "temporarily ENABLE their privileges." Thus programs which
currently could never be made setuid because of security holes, could
be more safely made setuid by only "enabling" themselves in limited
sections of code.
Jay Lepreau
-------
More information about the Comp.unix.wizards
mailing list