[m-dev.] Libraries Idea
Fergus Henderson
fjh at cs.mu.OZ.AU
Wed Sep 22 11:57:09 AEST 1999
On 22-Sep-1999, Peter Schachte <schachte at cs.mu.OZ.AU> wrote:
> On Tue, Sep 21, 1999 at 11:31:09AM +1000, Warwick Harvey wrote:
> > Peter Schachte wrote:
> > > > 3. On a multi-user / shared installation, how does one assure that file
> > > > ownership and permissions are appropriate so that (a) anybody can cause a
> > > > new grade to be installed, (b) a grade installed by one user can be used by
> > > > another, and (c) no user can do malicious things to the installation.
> > >
> > > An suid program? What do TeX installations do so that generated fonts
> > > can be shared? This is basically the same problem.
> ...
> > Another program I've seen cache generated files in this way is some versions
> > of "man". These run setuid, and cache the processed versions of man pages
> > so they don't need to be re-processed if they're used again soon. I've
> > _heard_ that these kinds of systems have a history of security-related
> > problems, and thus are somewhat out of favour with the security-conscious.
> >
> > In any event, I'd be *very* concerned about a setuid solution to this
> > problem. It just seems too likely to be vulnerable to exploitation.
>
> Hmmm. Ok, how about a setgid program? There'd be a
> make-library-grade program/script owned by root, group mercurylib, and
> the Mercury library grade tree and library source trees would be the
> same, and all with mode 664. So only this one program/script could
> write library object files, and the script would always work by
> compiling the write-protected library source files.
>
> It sounds pretty safe to me, but I'm certainly no unix security
> expert.
As proposed, that is definitely not safe. It has at least two serious
holes that could be easily exploited, plus a bug.
Do you want me to tell you what they are?
I know how to plug those holes,
but there may be other holes that I don't know about,
so perhaps it is better if I leave you guessing ;-)
--
Fergus Henderson <fjh at cs.mu.oz.au> | "I have always known that the pursuit
WWW: <http://www.cs.mu.oz.au/~fjh> | of excellence is a lethal habit"
PGP: finger fjh at 128.250.37.3 | -- the last words of T. S. Garp.
--------------------------------------------------------------------------
mercury-developers mailing list
Post messages to: mercury-developers at cs.mu.oz.au
Administrative Queries: owner-mercury-developers at cs.mu.oz.au
Subscriptions: mercury-developers-request at cs.mu.oz.au
--------------------------------------------------------------------------
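The setgid scheme Peter sketches above depends on an invariant (only the setgid build program can write the library source and grade trees) that is easy to break by accident at install time. The following audit is an added example, not code from the thread or from the Mercury project: it checks a tree against that stated policy (group ownership, mode 664 files, no world-writable directories, a setgid build program that is not writable by others). The group name mercurylib and the script name make-library-grade are from the thread; the directory layout in make_demo_tree is a constructed sample.

```shell
#!/bin/sh
# Added example, not code from the thread or the Mercury project: audit a
# shared library installation against the policy Peter proposes:
#   - the build program is setgid, owned by OWNER, group GROUP, and not
#     writable by group or others;
#   - every file under the library source and grade trees is group GROUP
#     with mode 664, so only the setgid program can write them;
#   - no directory under the trees is world-writable (anyone could plant
#     files there otherwise).
# The names mercurylib and make-library-grade come from the thread; the
# directory layout in make_demo_tree is constructed for illustration.

# audit_build_script SCRIPT OWNER GROUP -> 0 if the script meets the policy
audit_build_script() {
    # -perm -2000: setgid bit set; -perm -020 / -002: group-/world-writable
    [ -n "$(find "$1" -prune -type f -user "$2" -group "$3" \
                -perm -2000 ! -perm -020 ! -perm -002 -print 2>/dev/null)" ]
}

# audit_lib_tree TREE GROUP -> prints violations; 0 if clean, 1 otherwise
audit_lib_tree() {
    lib=$1 grp=$2
    bad=$(
        # regular files: exactly rw-rw-r-- and owned by the library group
        find "$lib" -type f \( ! -perm 664 -o ! -group "$grp" \) -print
        # directories: world-writable is never acceptable
        find "$lib" -type d -perm -002 -print
    )
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad" | sed 's/^/violation: /'
    return 1
}

# make_demo_tree -> prints the path of a constructed sample installation
# whose grade tree contains one world-writable object file (a violation).
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/lib/example_grade" || return 1
    : > "$d/lib/list.m"
    : > "$d/lib/example_grade/list.o"
    chgrp -R "$(id -gn)" "$d"
    chmod 664 "$d/lib/list.m"
    chmod 666 "$d/lib/example_grade/list.o"   # deliberately wrong
    printf '%s\n' "$d"
}
```

On a real installation, source the script and run `audit_lib_tree /path/to/mercury/lib mercurylib` and `audit_build_script /path/to/make-library-grade root mercurylib`; make_demo_tree only exists to exercise the checks on a throwaway tree.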