Re: User-manageable sub-ids proposals

Pavel Machek (pavel@suse.cz)
Tue, 18 Dec 2001 00:17:03 +0000


Hi!

> And we end up with a different solution:
> olduid=getuid();
> /* Allocate a uid with no privileges */

Dangerous. Imagine:

while (1) {
	fork();
	setuid(getuid());
}

Now imagine you want to kill this beast.

> slaveuid=setruid_slave();
> set_acl("private-file", ACL_READ, slaveuid);
> set_acl("private-log", ACL_APPEND, slaveuid);
> seteuid(slaveuid);
> exec("dangerous-program");

Dangerous-program does while(1). How do you stop it?

See subterfugue.sf.net for a way to sandbox your browser without kernel hacks.
Pavel

-- 
Philips Velo 1: 1"x4"x8", 300gram, 60, 12MB, 40bogomips, linux, mutt,
details at http://atrey.karlin.mff.cuni.cz/~pavel/velo/index.html.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/