[ubuntu-hardened] Removing SUID on binaries that don't need it

Scott James Remnant scott at ubuntu.com
Thu Nov 29 15:31:12 GMT 2007


On Wed, 2007-11-28 at 21:28 -0500, John Richard Moser wrote:

> Theoretically, nobody cares.  Here's a good way to start a program:
> 
> int main() {

Race condition here.

>    drop_unneeded_caps();

And here.

>    setuid(uidof(nobody)); // uidof?  wtf?
>    // Not root anymore, not able to setuid(0) either
>    ...
>    return 0;
> }

Scott
-- 
Scott James Remnant
scott at ubuntu.com
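
A runnable form of the quoted sketch, as an added example that is not part of the original thread. It assumes `getpwnam()` stands in for the sketch's `uidof()`, uses the hypothetical helper name `drop_to_user`, and omits `drop_unneeded_caps()`; it shows the order of the drop and the check that it is permanent, and does not address the race windows marked in the reply above.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: permanently switch the process to the named account.
 * Returns 0 on success, -1 on any failure (the caller should then exit). */
int drop_to_user(const char *name)
{
    struct passwd *pw;

    errno = 0;
    pw = getpwnam(name);            /* stands in for the sketch's uidof() */
    if (pw == NULL || pw->pw_uid == 0)
        return -1;                  /* unknown account, or the account is root */

    /* Order matters: changing groups and gid needs privilege,
     * so both happen before the uid is given up. */
    if (setgroups(0, NULL) != 0)
        return -1;
    if (setgid(pw->pw_gid) != 0)
        return -1;
    if (setuid(pw->pw_uid) != 0)    /* an unchecked failure leaves us as root */
        return -1;

    /* Verify the drop is permanent: regaining uid 0 must fail. */
    if (setuid(0) == 0 || getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
        return -1;
    if (getgid() != pw->pw_gid || getegid() != pw->pw_gid)
        return -1;
    return 0;
}

int main(void)
{
    if (drop_to_user("nobody") != 0) {
        fprintf(stderr, "privilege drop failed, refusing to continue\n");
        return 1;
    }
    /* ... unprivileged work goes here ... */
    return 0;
}
```

Started without root privilege, `setgroups()` fails and the program exits with status 1 rather than continuing under the original identity.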