[m-dev.] Libraries Idea

Fergus Henderson fjh at cs.mu.OZ.AU
Wed Sep 22 11:57:09 AEST 1999


On 22-Sep-1999, Peter Schachte <schachte at cs.mu.OZ.AU> wrote:
> On Tue, Sep 21, 1999 at 11:31:09AM +1000, Warwick Harvey wrote:
> > Peter Schachte wrote:
> > > > 3.  On a multi-user / shared installation, how does one assure that file 
> > > > ownership and permissions are appropriate so that (a) anybody can cause a 
> > > > new grade to be installed, (b) a grade installed by one user can be used by 
> > > > another, and (c) no user can do malicious things to the installation.
> > > 
> > > An suid program?  What do TeX installations do so that generated fonts
> > > can be shared?  This is basically the same problem.
> ...
> > Another program I've seen cache generated files in this way is some versions 
> > of "man".  These run setuid, and cache the processed versions of man pages 
> > so they don't need to be re-processed if they're used again soon.  I've 
> > _heard_ that these kinds of systems have a history of security-related 
> > problems, and thus are somewhat out of favour with the security-conscious.
> > 
> > In any event, I'd be *very* concerned about a setuid solution to this 
> > problem.  It just seems too likely to be vulnerable to exploitation.
> 
> Hmmm.  Ok, how about a setgid program? There'd be a
> make-library-grade program/script owned by root, group mercurylib, and
> the Mercury library grade tree and library source trees would be the
> same, and all with mode 664.  So only this one program/script could
> write library object files, and the script would always work by
> compiling the write-protected library source files.
> 
> It sounds pretty safe to me, but I'm certainly no unix security
> expert.

As proposed, that is definitely not safe.  It has at least two serious
holes that could be easily exploited, plus a bug.

Do you want me to tell you what they are?

I know how to plug those holes,
but there may be other holes that I don't know about,
so perhaps it is better if I leave you guessing ;-)

-- 
Fergus Henderson <fjh at cs.mu.oz.au>  |  "I have always known that the pursuit
WWW: <http://www.cs.mu.oz.au/~fjh>  |  of excellence is a lethal habit"
PGP: finger fjh at 128.250.37.3        |     -- the last words of T. S. Garp.
--------------------------------------------------------------------------
mercury-developers mailing list
Post messages to:       mercury-developers at cs.mu.oz.au
Administrative Queries: owner-mercury-developers at cs.mu.oz.au
Subscriptions:          mercury-developers-request at cs.mu.oz.au
--------------------------------------------------------------------------
