Subject: Starting daemons in rc as non-root
To: None <netbsd-help@NetBSD.ORG>
From: Jeff Weisberg <jaw@op.net>
List: netbsd-help
Date: 08/16/1996 11:52:45
melody@voicenet.com said:
| On Mon, 12 Aug 1996, Michael Richardson wrote:
|
| >
| > > What we do here is chmod ircd to 4755 and change the ownership to ircadmin. :)
| >
| > Given the buffer overflow problems that have crept up in ircd, this is
| > tantamount to giving people your root password. Does ircd know how to give up
| > its root privileges in the saved uid?
|
| Ahhh! But you see, we're not changing the UID of ircd to root, but to
| ircadmin.. so even if they flood ircd, they can only affect the ircadmin
| account (which is routinely backed up anyway) :)
No.
Running the setuid executable changes the EUID to ircadmin,
the UID remains root.
renoir-p1-root 61% chmod 4755 uid
renoir-p1-root 63% chown irc uid
renoir-p1-root 65% ./uid
UID     EUID    GID     EGID
0       26      0       0
easily exploitable.
--jeff
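
Added example, not part of the original message and not the `uid` program Jeff ran: a C sketch that prints the same four IDs, reports whether the process could still switch back to uid 0, and shows a permanent drop for a daemon started by real root from rc. The names `can_regain_root` and `drop_privileges` and the `<uid> <gid>` arguments are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE          /* for setgroups() on glibc */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <grp.h>
#include <sys/types.h>

/* If any of the real, effective or saved uid is 0, seteuid(0) is still
 * permitted, so code running inside the process can become root again. */
int can_regain_root(uid_t ruid, uid_t euid, uid_t suid)
{
    return ruid == 0 || euid == 0 || suid == 0;
}

/* Permanently switch to uid/gid. Call while the effective uid is still 0
 * (daemon started by root, not a set-uid-to-nonroot binary). Groups go
 * first: once the uid is dropped they can no longer be changed.
 * Returns 0 on success, -1 if the drop did not fully take effect. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;               /* clear root's supplementary groups */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* A surviving real or saved uid of 0 would let one of these succeed. */
    if (uid != 0 && (seteuid(0) == 0 || setuid(0) == 0))
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    /* Immediately after exec the saved uid equals the effective uid. */
    uid_t r = getuid(), e = geteuid();
    printf("UID\tEUID\tGID\tEGID\n%d\t%d\t%d\t%d\n",
           (int)r, (int)e, (int)getgid(), (int)getegid());
    printf("can regain root: %s\n", can_regain_root(r, e, e) ? "yes" : "no");
    if (argc == 3) {             /* hypothetical usage: ./prog <uid> <gid> */
        if (drop_privileges((uid_t)atoi(argv[1]), (gid_t)atoi(argv[2])) != 0) {
            fprintf(stderr, "privilege drop failed, refusing to continue\n");
            return 1;
        }
        printf("after drop: uid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    }
    return 0;
}
```

With the IDs from the session above (UID 0, EUID 26), `drop_privileges` returns -1 because the effective uid is no longer allowed to change groups or the real uid; the drop has to happen while the process still runs with effective uid 0.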