Mike Hearn wrote:
> On Fri, 08 Apr 2005 13:29:56 -0500, Robert Shearman wrote:
>> - setuid binaries make sysadmins nervous and would require a security audit by us. Yes, they don't need to make it setuid, but then the people who do could run their programs as root anyway.
>
> Presumably only the code up until the point at which we drop privs needs to be audited though. Suid root binaries that drop privs are pretty common.
You're forgetting the reason why we need the suid root binary - because allowing processes to set their priority as realtime (or otherwise very high) leaves the system open to a trivial DoS attack. Not only do the startup code paths need to be audited, but also the priority setting logic too.
Rob
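As an added illustration of the two points in this exchange (the privilege drop Mike mentions, and the bounded priority logic Rob says must also be audited), here is a small setuid-root helper of the kind being discussed. It is example code written for this page, not code from Wine or from either poster; the names RT_PRIO_CAP, RT_CPU_BUDGET_US, clamp_rt_priority, parse_priority, grant_realtime and drop_privileges, and the cap values, are assumptions. It grants the invoking user a SCHED_FIFO priority clamped to a cap, bounds the CPU time the process may burn at that priority with RLIMIT_RTTIME, then drops root for good before exec'ing the target program.

```c
/* Added example, not Wine code: the shape of a setuid-root helper that grants
 * a *bounded* realtime priority to the invoking user and then drops privileges.
 * RT_PRIO_CAP, RT_CPU_BUDGET_US and the function names are assumptions. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <unistd.h>

/* Explicit prototypes in case the feature macro was not seen first. */
int setresuid(uid_t, uid_t, uid_t);
int setresgid(gid_t, gid_t, gid_t);

/* Policy knobs (assumed values): never hand out more than this SCHED_FIFO
 * priority, and bound the CPU time a thread may spend at that priority before
 * the kernel sends SIGXCPU (soft limit) or SIGKILL (hard limit) via
 * RLIMIT_RTTIME (Linux >= 2.6.25). */
#define RT_PRIO_CAP      20
#define RT_CPU_BUDGET_US 200000

/* Clamp the requested priority into [1, cap]; return -1 on nonsense input.
 * This is the "priority setting logic" the thread says must be audited: an
 * unbounded value lets one user starve everything scheduled below it. */
int clamp_rt_priority(int requested, int cap)
{
    if (requested < 1 || cap < 1) return -1;
    return requested > cap ? cap : requested;
}

/* Parse the user-supplied priority; accept only a plain decimal integer in
 * the SCHED_FIFO range 1..99 (no trailing garbage, no empty string). */
int parse_priority(const char *s)
{
    char *end;
    long v;
    if (!s || !*s) return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno || *end || v < 1 || v > 99) return -1;
    return (int)v;
}

/* Drop from euid 0 to the invoking user permanently: clear supplementary
 * groups, set all three gids, then all three uids, then prove that root
 * cannot be regained. Returns 0 on success. */
int drop_privileges(void)
{
    uid_t uid = getuid();
    gid_t gid = getgid();
    if (geteuid() == 0 && setgroups(0, NULL) != 0) return -1;
    if (setresgid(gid, gid, gid) != 0) return -1;
    if (setresuid(uid, uid, uid) != 0) return -1;
    /* If we were root and the drop silently failed, this call would succeed. */
    if (uid != 0 && setresuid(0, 0, 0) == 0) return -1;
    return 0;
}

/* Apply the bounded realtime policy to this process and cap its RT CPU time.
 * Returns the priority actually granted, or -1 on failure. */
int grant_realtime(int requested)
{
    struct sched_param sp;
    int prio = clamp_rt_priority(requested, RT_PRIO_CAP);
    if (prio < 0) return -1;
#ifdef RLIMIT_RTTIME
    struct rlimit rl = { RT_CPU_BUDGET_US, RT_CPU_BUDGET_US };
    if (setrlimit(RLIMIT_RTTIME, &rl) != 0) return -1;
#endif
    memset(&sp, 0, sizeof sp);
    sp.sched_priority = prio;
    if (sched_setscheduler(0, SCHED_FIFO, &sp) != 0) return -1;
    return prio;
}

int main(int argc, char **argv)
{
    int requested;
    if (argc != 3 || (requested = parse_priority(argv[1])) < 0) {
        fprintf(stderr, "usage: %s <rt-priority 1-99> <program>\n", argv[0]);
        return 2;
    }
    /* Everything up to drop_privileges() runs with euid 0: the audit surface. */
    if (grant_realtime(requested) < 0) {
        perror("grant_realtime");
        return 1;
    }
    if (drop_privileges() != 0) {
        fprintf(stderr, "failed to drop privileges, refusing to continue\n");
        return 1;
    }
    /* The exec'd program inherits SCHED_FIFO and RLIMIT_RTTIME, but not root. */
    execlp(argv[2], argv[2], (char *)NULL);
    perror("execlp");
    return 1;
}
```

Note that the audit surface is exactly what Rob describes: argument parsing, the clamp, the rlimit and sched_setscheduler calls, and the privilege drop itself all execute as root, and a mistake in any of them (an unclamped priority, a drop that fails silently) is what turns the helper into a DoS or escalation vector. Later kernels (2.6.12 onward) added RLIMIT_RTPRIO, which lets an administrator grant a bounded realtime priority to unprivileged users through resource limits without any setuid helper at all.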