[ubuntu-hardened] Removing SUID on binaries that don't need it
Scott James Remnant
scott at ubuntu.com
Thu Nov 29 15:31:12 GMT 2007
On Wed, 2007-11-28 at 21:28 -0500, John Richard Moser wrote:
> Theoretically, nobody cares. Here's a good way to start a program:
>
> int main() {
Race condition here.
> drop_unneeded_caps();
And here.
> setuid(uidof(nobody)); // uidof? wtf?
> // Not root anymore, not able to setuid(0) either
> ...
> return 0;
> }
Scott
--
Scott James Remnant
scott at ubuntu.com