> I was reading that some programs setuid themselves to root to do things (I
> think mount -all can be made to do it?). What are the restrictions of this?
> How are malicious (or stupid) programs prevented from root-ing themselves
> and causing Bad Things to happen?
An arbitrary program can't make itself root; this capability has to be
set up by the root user first. The mechanism is the "Set Effective
User-ID or Group-ID on Execution" bit - if this is activated ("chmod u+s")
on an executable file, then whenever that file is executed, the
"effective user ID" of the executing process will be set to the same as
the file's owner. Thus, for example, the mount command always runs "as
root", so that it can make the necessary system calls to mount a fs.
Only the file's owner (or root) can turn on the seteuid bit of a file.
Colm
--
Colm Buckley BA BF | NewWorld Commerce, 44 Westland Row, Dublin 2, Ireland
colm at tuatha.org (personal) | colm.buckley at nwcgroup.com (business)
+353 87 2469146 | whois cb3765 | http://www.tuatha.org/~colm/
Scientists found a whole new phylum of animal on a lobster's lip.
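
An added example, not part of the original post: a small audit that walks a directory tree, lists every regular file with the set-user-ID bit described in the reply above, and shows which owner each one would run as. The names `setuid_files` and `owner_name`, the flag labels, and the default of `/usr/bin` are assumptions made for this illustration.

```python
import os
import pwd
import stat
import sys


def setuid_files(root):
    """Return sorted (path, owner_uid, flags) for regular files under root
    that carry the set-user-ID bit (what "chmod u+s" turns on)."""
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: judge the entry itself, not a symlink target
            except OSError:
                continue  # entry vanished or is unreadable
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & stat.S_ISUID:
                continue
            flags = []
            if st.st_uid == 0:
                flags.append("runs-as-root")  # effective UID becomes the owner's
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                flags.append("writable-by-non-owner")
            findings.append((path, st.st_uid, flags))
    return sorted(findings)


def owner_name(uid):
    """Map a UID to a login name, falling back to the number."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)


if __name__ == "__main__":
    # Assumption: /usr/bin is a sensible default tree to audit.
    root = sys.argv[1] if len(sys.argv) > 1 else "/usr/bin"
    for path, uid, flags in setuid_files(root):
        print(f"{path}\towner={owner_name(uid)}\t{','.join(flags) or '-'}")
```

Comparing the output between runs shows when a new set-user-ID file has appeared on the system.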