Guide to writing secure setuid programs?
John Chambers
jc at minya.UUCP
Mon Mar 21 12:33:04 AEST 1988
> A much better approach would be to have a pseudo-user for for whatever
> facility you were creating, and a _short_, _auditable_ setuid program,
> without shell escapes and other similar nonsense, to deposit things in
> the spool directory.
A program that does exactly this was posted to one of the sources group
a couple of years back, under the name "append.c". Perhaps it's time
to post it again. Or is it archived in one or the source newsgroups?
It was also a Unix implementation of a Multics security feature. It's
also a good counter-example to the frequent claims that all setuid programs
are Bad Things.
--
John Chambers <{adelie,ima,maynard,mit-eddie}!minya!{jc,root}> (617/484-6393)
More information about the Comp.unix.wizards
mailing list