
Re: Bug#27050 (fdutils): A cause for security concern?



On Tue, Jan 19, 1999 at 08:56:11PM -0600, John Hasler wrote:

> Avery Pennarun wrote:
> > When the docs for a setuid program warn you "not to trust its security"
> > then be afraid, be very afraid.  It shouldn't be automatically setuid in
> > Debian until _some_ security-conscious person has audited it carefully.
> 
> Would you say the same of daemons that run as root?

Coming from you, that sounds like a trick question.  Okay, I volunteer to be
tricked: yes, daemons should not run as root (especially network servers)
unless they've been looked over by some security-competent person, and only
if they actually NEED to run as root!

I don't know its current status, but I submitted a bug against socks4-server
a while ago because it was running as root for no reason at all -- it works
fine when running as "nobody."

Setuid programs are actually more dangerous than daemons, though -- the
non-root user has more complete control over their execution environment, so
there are more types of security holes.  For example, you can change the
PATH environment variable and shell strings (e.g. IFS, HOME, etc.) so using
the system() and execvp() system calls is generally dangerous in a setuid
program, but often not so bad in a daemon.

Have fun,

Avery
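
[Added example, not part of the original message: one way a setuid program can run a helper without trusting the caller's PATH, IFS or HOME, by calling execve() on an absolute path with a fixed environment instead of system() or execvp(). The names run_trusted and clean_env and the environment values are assumptions made for this illustration.]

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed environment for child processes: nothing is inherited from the
 * caller, so PATH, IFS, HOME and anything else the invoking user set are
 * dropped. The values below are assumptions for this example. */
static char *const clean_env[] = {
    "PATH=/usr/bin:/bin",
    "IFS= \t\n",
    "HOME=/",
    NULL
};

/* Run a helper by absolute path with the fixed environment.
 * Returns the child's exit status, or -1 on refusal or failure. */
int run_trusted(const char *path, char *const argv[])
{
    int status;
    pid_t pid;

    if (path == NULL || path[0] != '/')   /* refuse anything needing a PATH search */
        return -1;

    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* execve(): no shell is started by us and no PATH lookup happens */
        execve(path, argv, clean_env);
        _exit(127);                        /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    char *const argv[] = { "sh", "-c", "[ \"$PATH\" = /usr/bin:/bin ]", NULL };
    /* Constructed hostile setting, standing in for what the invoking user controls */
    setenv("PATH", "/tmp/attacker-bin", 1);
    printf("child saw clean PATH: %s\n",
           run_trusted("/bin/sh", argv) == 0 ? "yes" : "no");
    return 0;
}
```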

