what are the implications of shell doing setuid(getuid())?
Tony L. Hansen
hansen at pegasus.UUCP
Sat Sep 14 02:15:17 AEST 1985
I was recently asked what the implications would be of having the shell do a
setuid(getuid()) and setgid(getgid()) as soon as it's invoked. The reason is
to try and plug up any security holes caused by set[ug]id programs that
invoke system(3C) or popen(3S). What tools are there that anyone knows of
that would be broken if this change were made, locally, or for real?
Tony Hansen
ihnp4!pegasus!hansen
More information about the Comp.unix.wizards
mailing list