UI: sudo-1.6.4rc*: set_perms_posix introduces new problems

Todd C. Miller Todd.Miller at courtesan.com
Sun Jan 13 13:47:51 EST 2002


In message <20020113115150.GA18230 at altair.office.altlinux.ru>
	so spake "Dmitry V. Levin" (ldv):

> Upcoming sudo-1.6.4 introduces new set_perms implementation,
> set_perms_posix. However, use of this function has a drawback: most of the
> time sudo is running with real uid of the caller, which allows user to
> manipulate sudo process with signals. For example, send_mail function can
> be terminated by user which is no good. Another drawback is that sendmail
> program gets executed suid which is also no good (postfix doesn't like it).

The mailer should never be called setuid so that will be fixed.
The setuid nature is mostly by design since it allows the stay_setuid
option to work.  There is no way to set just the real uid in POSIX.
However, if the "stay_setuid" option is not in effect there's no
reason to use set_perms_posix() so I'll add a check for that and a
caveat about stay_setuid in the manual.  What is really needed is
a configure check for a working seteuid() but that's not really
possible.

I've made these changes in:
    ftp://ftp.courtesan.com/pub/sudo/beta/sudo-1.6.4rc4.tar.gz

1.6.4-final is still scheduled for release tomorrow.

 - todd


