Re: Permission policy

To: ruud@ruud.org (Ruud de Rooij)
Cc: debian-devel@lists.debian.org
Subject: Re: Permission policy
From: Herbert Xu <herbert@gondor.apana.org.au>
Date: Fri, 17 Mar 2000 10:31:11 +1100
Message-id: <[🔎] 200003162331.KAA28346@gondor.apana.org.au>
In-reply-to: <[🔎] 38CF7E41.86068BA0@zeus.ph1.uni-koeln.de> <[🔎] 20000316014322.A12134@lina.inka.de> <[🔎] 20000316105840.A14237@melkor.dnp.fmph.uniba.sk> <[🔎] 87snxrrz35.fsf@hobbes.home.ruud.org>

Ruud de Rooij <ruud@ruud.org> wrote:
>
> (of course, this attack can be prevented using mount options to
> disable setgid executables on all filesystems where users have write
> access)

But the user can still leave a process running with the privileges after he
logs out.  Now whenever he logs in from anywhere else in the world, he can
request the privileges from that process.
-- 
Debian GNU/Linux 2.1 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Reply to:

References:
- Re: Permission policy
  - From: ruud@ruud.org (Ruud de Rooij)

Prev by Date: Re: Less interactive upgrades.
Next by Date: Re: Two maintainer entrys in "bug reports by maintainer"
Previous by thread: Re: Permission policy
Next by thread: Re: Permission policy
Index(es):
- Date
- Thread