[kismac] Re: suid off

  • From: Robin L Darroch <robin@xxxxxxxxxxxxx>
  • To: kismac@xxxxxxxxxxxxx
  • Date: Thu, 28 Apr 2005 22:53:43 +0800

Apple snuck in a worthwhile security fix in the release. They turned off the ability to use the SETUID bit in file permissions which allows any user to start up an admin process. Most modern Unix systems have removed this feature as a serious security risk.

I know this is going a bit off-topic, but I'm curious to know why the SETUID bit is - in and of itself - a serious security risk. Surely as long as the process in question is appropriately secure, allowing it to run as an administrative user even though it has been called by a regular user is sometimes an appropriate way of doing things. Of course, it is the admin's responsibility to ensure that any SUID-root application or script is secure (because otherwise buffer overflow and break-out exploits could render the system insecure)... but it should be up to the admin to do that, no?

Looking at it a different way, how do "modern Unix systems" enable an ordinary user to achieve anything that would need admin permissions along the way? How, to take the example of KisMAC, can an administrator give regular users permission to (for example) load and unload the wlan adapter drivers?

It's been a long time since I've been in a high-security-threat environment (aside from the Internet in general, which is largely taken care of as long as you're not running Windows)... would be interested to hear more details on how things are supposed to be done in these paranoid-delusional days. :)



 Robin L. Darroch - PO Box 2715, South Hedland WA 6722 - +61 421 503 966
      robin@xxxxxxxxxxxxx - robin@xxxxxxxxxxx - robin@xxxxxxxxxxxxx

Other related posts: