How can I limit access to a SUID/SGID process-image safely?
The question may seem vague but sometimes it would seem attractive to have a SUID process that is only executable by a particular set of users. Some time ago I implemented a distributed network monitoring package that had Java clients talk to it remotely, and sniffers running on different servers (a very ambitious undertaking). The actual servers were run under a special group called “sly” that would in turn have access to a SUID process-image to do all the sniffing. The child process ran as root, but could only be executed by users in the group “sly.” At first this looks good. The actual server does not run with special privileges, and it would seem that if it got exploited the attacker would not gain root privileges. However, he would gain privileges for the group “sly” that would let him sniff the local network. If he were then able to exploit the sniffer, he would gain root privileges. But he needs to exploit the server to the point of executing arbitrary code on the machine. Creat
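The permission scheme described above (a root-owned SUID image whose execute bit is granted only to one group) laid out as an added example, not code from the original page: an install step plus two audit checks a defender can run. The helper path and function names are assumptions; the group name "sly" comes from the text.

```shell
#!/bin/sh
# Added example: restrict a SUID helper to one group and audit the result.
# Paths and function names are illustrative assumptions.

# install_group_suid HELPER GROUP
# Make HELPER a root-owned setuid binary executable only by GROUP
# (mode 4750: rwsr-x---). The chown step needs root; e.g.
#   install_group_suid /usr/local/libexec/sniffer sly
install_group_suid() {
    chown "root:$2" "$1" || return 1
    chmod 4750 "$1"
}

# check_group_suid PATH GROUP
# Returns 0 when PATH matches the restricted pattern: setuid bit set,
# group may execute, world has no permissions, and the group is GROUP.
# Uses `ls -l` output, which is portable across GNU and BSD userlands.
check_group_suid() {
    perms=$(ls -ld "$1" | cut -c1-10)
    grp=$(ls -ld "$1" | awk '{print $4}')
    case "$perms" in
        -rws*) ;;                      # setuid + owner execute present
        *) echo "$1: not setuid ($perms)"; return 1 ;;
    esac
    case "$perms" in
        -rws??[xs]---) ;;              # group execute on, no world bits
        *) echo "$1: world-accessible or group cannot execute ($perms)"
           return 1 ;;
    esac
    if [ "$grp" != "$2" ]; then
        echo "$1: group is $grp, expected $2"
        return 1
    fi
    return 0
}

# find_world_exec_suid DIR
# Lists setuid files under DIR that anyone can execute: these are the
# helpers whose privilege boundary is not limited to a group at all.
find_world_exec_suid() {
    find "$1" -type f -perm -4001
}
```

The audit function is the check to run periodically: a helper that was meant to be 4750 but drifted to 4755 shows up immediately.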