On Apr 28, 2005, at 10:53 AM, Robin L Darroch robin-at-spade-men.com |KisMAC list/personal| wrote:

> Apple snuck in a worthwhile security fix in the release. They turned off the ability to use the SETUID bit in file permissions which allows any user to start up an admin process. Most modern Unix systems have removed this feature as a serious security risk.

I know this is going a bit off-topic, but I'm curious to know why the SETUID bit is - in and of itself - a serious security risk. Surely as long as the process in question is appropriately secure, allowing it to run as an administrative user even though it has been called by a regular user is sometimes an appropriate way of doing things. Of course, it is the admin's responsibility to ensure that any SUID-root application or script is secure (because otherwise buffer overflow and break-out exploits could render the system insecure)... but it should be up to the admin to do that, no?
- Brian
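The responsibility Brian describes, keeping every SUID-root program on a box secure, starts with knowing what is there. The script below is an added example written for this page, not code from the thread or from KisMAC: it lists the set-user-ID files under a directory and flags the two cases an admin should look at first, files that are group- or world-writable (anyone in that class can replace the code that will run privileged) and SUID scripts (most kernels ignore the bit on interpreted files, so it marks a misconfiguration). POSIX sh; assumes find, head, sort, wc and tr.

```sh
#!/bin/sh
# Added audit helper (not from the list thread). Usage: sh audit_suid.sh [DIR]

# audit_suid DIR
# Prints one line per SUID file under DIR as "<flags> <path>", where flags is
#   SCRIPT    file begins with "#!": SUID on an interpreted file is a misconfiguration
#   WRITABLE  group- or other-writable: that class can swap in code that runs privileged
#   OK        a regular SUID binary; still worth reviewing, but not obviously wrong
# Both SCRIPT and WRITABLE may apply, joined with a comma.
audit_suid() {
    find "$1" -type f -perm -4000 2>/dev/null | sort | while IFS= read -r f; do
        flags=""
        # Interpreted file? Only the first two bytes are needed.
        if [ "$(head -c 2 "$f" 2>/dev/null)" = "#!" ]; then
            flags="SCRIPT"
        fi
        # -perm -020 / -002 test the group-write / other-write bits (POSIX find).
        if [ -n "$(find "$f" \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]; then
            flags="${flags:+$flags,}WRITABLE"
        fi
        [ -n "$flags" ] || flags="OK"
        printf '%s %s\n' "$flags" "$f"
    done
}

# count_suid DIR -> number of SUID files under DIR (useful as a baseline to diff
# after a system update, e.g. to confirm the kind of change Robin describes)
count_suid() {
    audit_suid "$1" | wc -l | tr -d ' '
}

if [ $# -gt 0 ]; then
    audit_suid "$1"
fi
```

Run it against /usr/bin and /usr/sbin and keep the output under version control; a new OK line after an update is exactly the kind of change worth reading about before trusting it.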