Re: Set user ID on execution
> > [set-uid theory]
> OK, I understand the what you've said above, but give me an example. I have
> seen what happens when /bin/su is not setuid, but WHY does it have to be
> like that, and WHY does it do what it does when it's not setuid? I've seen
> a lot of other binaries in this predicament:
> [...]
why? well - i told, which power the set-uid root programs have. and that's
the reason to make them set-uid at all. only root may change the user-id
to an arbitrary value and thus change the identity (su, login). only root
may mount. only root has direct network access (ping), etc.
everything clear now? ;-)
--
Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
--
Linux - the last service pack you'll ever need.
Reply to: