Subject: Re: commoning up code that changes uids and gids
To: David Laight <david@l8s.co.uk>
From: Greg A. Woods <woods@weird.com>
List: tech-kern
Date: 03/05/2003 04:19:54
[ On Wednesday, March 5, 2003 at 01:37:12 (+0000), David Laight wrote: ]
> Subject: Re: commoning up code that changes uids and gids
>
> > It is never ever safe to allow a process to return to a raised level of
> > privilege after it has been running at a lower level of privilege.
> 
> It is safe to drop privilege in order to do certain actions.
> Even C3 security allows that.

Yes, of course, but it's never safe in a system using the unix security
model to raise privileges again in the same process.  It never has been
and it never will be, and there have been several very wide-spread and
serious security bugs in various systems to remind you of this fact too.

-- 
								Greg A. Woods

+1 416 218-0098;            <g.a.woods@ieee.org>;           <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>
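The permanent drop the thread calls for, as an added example (not code from the thread or from NetBSD): all three of real, effective and saved uid/gid are changed, the result is read back rather than trusted, and a second function proves the process can no longer become root. Assumes a libc that provides setresuid(2)/getresuid(2) (Linux, FreeBSD, OpenBSD); `drop_privileges_permanently` and `regain_root_is_blocked` are names chosen here.

```c
#define _GNU_SOURCE            /* setresuid/getresuid on glibc */
#include <errno.h>
#include <grp.h>
#include <sys/types.h>
#include <unistd.h>

/* glibc hides these behind _GNU_SOURCE; the explicit prototypes (matching
 * the libc ones) keep the block compiling whatever header came first. */
int setresuid(uid_t, uid_t, uid_t);
int setresgid(gid_t, gid_t, gid_t);
int getresuid(uid_t *, uid_t *, uid_t *);
int getresgid(gid_t *, gid_t *, gid_t *);

/* Permanent drop: real, effective AND saved IDs all change.  A seteuid()
 * style drop leaves the saved uid at 0, which is exactly the way back to
 * root the thread warns about.  Returns 0 only after reading the IDs back. */
int drop_privileges_permanently(uid_t uid, gid_t gid)
{
    uid_t ru, eu, su;
    gid_t rg, eg, sg;

    if (geteuid() == 0 && setgroups(0, NULL) != 0)   /* needs root: do first */
        return -1;
    if (setresgid(gid, gid, gid) != 0)               /* gid before uid */
        return -1;
    if (setresuid(uid, uid, uid) != 0)
        return -1;
    if (getresuid(&ru, &eu, &su) != 0 || getresgid(&rg, &eg, &sg) != 0)
        return -1;
    if (ru != uid || eu != uid || su != uid || rg != gid || eg != gid || sg != gid)
        return -1;
    return 0;
}

/* 1 if an attempt to become root again is refused (EPERM), 0 if it
 * succeeded (the drop was only temporary), -1 on any other error. */
int regain_root_is_blocked(void)
{
    if (setresuid((uid_t)-1, 0, (uid_t)-1) == 0)
        return 0;
    return errno == EPERM ? 1 : -1;
}

int main(void)
{   /* Constructed demo: drop to the caller's own IDs so this runs unprivileged;
     * started as root the "drop" is a no-op and the check reports 0. */
    if (drop_privileges_permanently(getuid(), getgid()) != 0)
        return 1;
    return regain_root_is_blocked() == 1 ? 0 : 2;
}
```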