[m-dev.] Libraries Idea
Warwick Harvey
wharvey at cs.monash.edu.au
Wed Sep 22 11:25:10 AEST 1999
Peter Schachte wrote:
> On Tue, Sep 21, 1999 at 11:31:09AM +1000, Warwick Harvey wrote:
> > Another program I've seen cache generated files in this way is some versions
> > of "man". These run setuid, and cache the processed versions of man pages
> > so they don't need to be re-processed if they're used again soon. I've
> > _heard_ that these kinds of systems have a history of security-related
> > problems, and thus are somewhat out of favour with the security-conscious.
> >
> > In any event, I'd be *very* concerned about a setuid solution to this
> > problem. It just seems too likely to be vulnerable to exploitation.
>
> Hmmm. Ok, how about a setgid program? There'd be a
> make-library-grade program/script owned by root, group mercurylib, and
> the Mercury library grade tree and library source trees would be the
> same, and all with mode 664. So only this one program/script could
> write library object files, and the script would always work by
> compiling the write-protected library source files.
I don't see that this solves any of the problems. If it's only setgid, then
the processes are still owned by the user invoking them, as will be the
files, and so the user can still do anything they like with the files once
they exist (you cannot deny the owner of the file write access to it,
because they are [essentially] free to change the permissions on it any time
they like). Even if that could be arranged, setgid suffers from most of the
problems of setuid, in that preventing the malicious setting of environment
variables, avoiding race conditions, etc., etc. are still required. And for
something as complicated as a Mercury build, that kind of thing scares me,
unless some very simple insulating wrapper can be devised which somehow
avoids them all in one go.
Warwick
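The "insulating wrapper" Warwick mentions would need to close several holes at once before it could be trusted with extra privilege. As an added example (not code from the mercury-developers thread or the Mercury project), the script below shows the defensive steps a cache-building wrapper would take: scrub the inherited environment, fix the umask, build in a private directory, refuse symlinked or directory destinations, and publish with an atomic rename. Nothing here is made setuid or setgid, and the compile step `build_one` is a constructed stand-in (a copy) rather than the Mercury compiler; `install_grade` and `scrub_environment` are hypothetical names.

```shell
# Drop attacker-influenced variables. The dynamic loader and the shell honour
# these, and a setgid wrapper would otherwise inherit them from its caller.
scrub_environment() {
    PATH=/usr/bin:/bin
    export PATH
    unset LD_PRELOAD LD_LIBRARY_PATH IFS CDPATH ENV BASH_ENV
    umask 022          # cache files end up rw for the builder, r for everyone else
}

# Hypothetical compile step (constructed stand-in): a real wrapper would invoke
# the compiler on the write-protected library source; this one just copies.
build_one() {
    cp "$1" "$2"
}

# install_grade SOURCE CACHE_DIR OUTPUT_NAME
# Builds SOURCE into CACHE_DIR/OUTPUT_NAME. Returns 1 and leaves the cache
# untouched when any check fails.
install_grade() {
    src="$1"; cache="$2"; name="$3"
    scrub_environment

    # The source must be a plain file, not a symlink that could be repointed
    # between this check and the compile.
    if [ -L "$src" ] || [ ! -f "$src" ]; then
        echo "install_grade: refusing non-regular source $src" >&2; return 1
    fi
    # The cache directory itself must be a real directory, not a symlink.
    if [ -L "$cache" ] || [ ! -d "$cache" ]; then
        echo "install_grade: refusing non-directory cache $cache" >&2; return 1
    fi
    # No path separators, no dot-files, no empty name: the caller must not be
    # able to steer the output outside the cache.
    case "$name" in
        */*|.*|'') echo "install_grade: bad output name '$name'" >&2; return 1 ;;
    esac

    # Build in a fresh directory under the cache: same filesystem, so the final
    # mv is a rename(2) and readers never observe a half-written object file.
    tmp=$(mktemp -d "$cache/.build.XXXXXX") || return 1
    if ! build_one "$src" "$tmp/$name"; then
        rm -rf "$tmp"; return 1
    fi
    chmod 0644 "$tmp/$name"

    # Refuse to publish over a symlink or a directory: mv would otherwise
    # follow a symlink to a directory and drop the file where the caller chose.
    dest="$cache/$name"
    if [ -L "$dest" ] || [ -d "$dest" ]; then
        echo "install_grade: refusing to replace $dest" >&2
        rm -rf "$tmp"; return 1
    fi
    mv -f "$tmp/$name" "$dest" || { rm -rf "$tmp"; return 1; }
    rmdir "$tmp"
}
```

The checks on `$dest` still leave a small window between the test and the `mv`; the point of the temp-directory-plus-rename discipline is that even then the attacker cannot make readers see a partially written object, and the symlink check at least removes the easy redirection. Warwick's broader objection stands: the wrapper only helps if the files it produces are not owned by the invoking user, which a plain setgid script does not achieve.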
--------------------------------------------------------------------------
mercury-developers mailing list
Post messages to: mercury-developers at cs.mu.oz.au
Administrative Queries: owner-mercury-developers at cs.mu.oz.au
Subscriptions: mercury-developers-request at cs.mu.oz.au
--------------------------------------------------------------------------