
Re: [coldsync-hackers] Re: Security considerations



On Sun, Mar 04, 2001 at 12:36:39AM +0100, Erik Forsberg wrote:
>     Andrew> 2) Can the 'coldsync' binary be tricked into setuid()ing
>     Andrew> back to root? (I think this might be possible, given the
>     Andrew> semantics of setuid()).
> 
> Well.. I don't think so. At least not for POSIX setuid. This is what
> my manual page says (Linux):

	Thanks for the correction. I guess I was thinking of the
special case of setuid (or maybe setuid-non-root) binaries,
where it's possible to setuid() to some user, then setuid() back to
the owner of the binary.

>     Andrew> 	You're thinking of a standalone daemon. For the
>     Andrew> longest time, I wanted to do this, but eventually decided
>     Andrew> that it was too similar to 'getty' to reinvent the wheel.
> 
> Yes, but let's say you are a Unix workstation user without root
> privileges on your machine and want to use coldsync. Now, if your
> stupid sysadmin forgot to disallow you access to the serial ports, you
> can still run a standalone coldsync daemon as your user.

	Hm. It seems that this is really a political problem, not a
technical one. I don't really see that this calls for a technical
solution.
	Of course, in this case you can simply

	#!/bin/sh
	while true; do
		coldsync
	done

-- 
Andrew Arensburger                      This message *does* represent the
arensb@ooblick.com                      views of ooblick.com
	   MS-Windows98, from the folks who gave us EDLIN!
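
An added example, not part of the original message and not ColdSync code: the message above recalls a setuid binary calling setuid() to some user and then setuid() back to the binary's owner, which works because the owner's UID survives as the saved set-user-ID. This C example sets real, effective and saved IDs together and then verifies that the old UID cannot be regained. The function names are hypothetical, and getresuid()/setresuid()/setresgid() are assumed to be available (Linux, BSD).

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE             /* exposes the *res[ug]id() calls on glibc */
#endif
#include <sys/types.h>
#include <stdio.h>
#include <unistd.h>

/* Declared explicitly in case an earlier include already fixed the
 * feature-test macros; identical to the system prototypes. */
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);
int setresuid(uid_t ruid, uid_t euid, uid_t suid);
int setresgid(gid_t rgid, gid_t egid, gid_t sgid);

/* Hypothetical helper: an unprivileged setuid(target) succeeds when target
 * is the real or saved UID (or already the effective UID). */
int uid_still_reachable(uid_t ruid, uid_t euid, uid_t suid, uid_t target)
{
    return ruid == target || euid == target || suid == target;
}

/* Hypothetical helper: permanently become the invoking (real) user.
 * Returns 0 only if the previous effective UID can no longer be regained. */
int drop_to_real_user(void)
{
    uid_t ruid = getuid(), old_euid = geteuid(), r, e, s;
    gid_t rgid = getgid();

    /* Groups first: changing GIDs may need the privilege dropped next. */
    if (setresgid(rgid, rgid, rgid) != 0)
        return -1;
    /* Set real, effective AND saved UID. For a non-root setuid binary,
     * plain setuid() would leave the saved UID at the file owner. */
    if (setresuid(ruid, ruid, ruid) != 0)
        return -1;
    /* Verify the resulting state rather than trusting return codes. */
    if (getresuid(&r, &e, &s) != 0 || r != ruid || e != ruid || s != ruid)
        return -1;
    if (old_euid != ruid &&
        (uid_still_reachable(r, e, s, old_euid) || setuid(old_euid) == 0))
        return -1;
    return 0;
}

int main(void)
{
    if (drop_to_real_user() != 0) {
        fprintf(stderr, "privilege drop failed, refusing to continue\n");
        return 1;
    }
    printf("now running as uid %ld\n", (long)getuid());
    return 0;
}
```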
