woods@??? said:
> Note that the user will only be able to play tricks with the exim
> process (such as perhaps writing to its address space on those systems
> that make the mistake of allowing this) during the time when the
> process has dropped its privileges, e.g. after it calls:
>     seteuid(real_uid);
>     /* ... process may now be vulnerable ... */
> While running as root the process is only vulnerable to the usual set
> of programming mistakes, as the process address space will most likely
> not be writable by the user, etc. (I.e. contrary to several known
> bugs with seteuid() in several systems of radically different
> heritage, there haven't ever been many bugs that made ordinary setuid
> processes vulnerable.)
Slightly unhelpfully, since this is rather OS specific, Linux has a
setfsuid() set of calls that *only* change the effective UID used for
file access - everything else is still root, such as process
permissions.
Nigel.
--
[ - Opinions expressed are personal and may not be shared by VData - ]
[ Nigel Metheringham Nigel.Metheringham@??? ]
[ Phone: +44 1423 850000 Fax +44 1423 858866 ]
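
Added example (not part of the original message or of exim's code): a Linux-only C program showing the behaviour described above, switching only the filesystem UID around a file-access step and confirming that the effective UID is untouched. The helper names and the UID 65534 are assumptions chosen for illustration; because setfsuid() reports no error, the code re-reads the fsuid to verify each change.

```c
/* Added example: Linux-only. Shows that setfsuid() changes the UID used for
 * file-access checks while the effective UID stays as it was. */
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/fsuid.h>
#include <sys/types.h>
#include <unistd.h>

/* setfsuid() always returns the previous fsuid and reports no error, so
 * passing an invalid UID (-1) is the usual way to read the current value. */
static uid_t current_fsuid(void)
{
    return (uid_t)setfsuid((uid_t)-1);
}

/* Switch only the filesystem UID to target. Returns 0 if the kernel
 * accepted the change, -1 if it was silently refused. */
static int switch_fsuid(uid_t target)
{
    setfsuid(target);
    return current_fsuid() == target ? 0 : -1;
}

/* Run a file-access step as `user`, then restore the original fsuid.
 * Reports the euid and fsuid seen while switched. */
static int with_fsuid(uid_t user, uid_t *euid_seen, uid_t *fsuid_seen)
{
    uid_t saved = current_fsuid();
    if (switch_fsuid(user) != 0)
        return -1;
    /* open()/stat() work on the user's files would go here */
    *euid_seen = geteuid();
    *fsuid_seen = current_fsuid();
    return switch_fsuid(saved);
}

int main(void)
{
    /* constructed target: an unprivileged UID when root, else our own UID */
    uid_t user = geteuid() == 0 ? 65534 : getuid();
    uid_t e, f;
    if (with_fsuid(user, &e, &f) != 0) {
        fprintf(stderr, "setfsuid(%u) refused\n", (unsigned)user);
        return 1;
    }
    printf("during: euid=%u fsuid=%u\n", (unsigned)e, (unsigned)f);
    printf("after:  euid=%u fsuid=%u\n", (unsigned)geteuid(), (unsigned)current_fsuid());
    return 0;
}
```

The setfsuid(2) manual page now advises against the call in new applications, since signal permission checks changed in Linux 2.0.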