[CentOS] Problem running a setuid Perl script on CentOS 4.5

James Olin Oden james.oden at gmail.com
Fri Nov 16 18:09:52 UTC 2007


> Good suggestions.  Also keep in mind that you don't always suid to
> root.  You can also suid to another user (which seems to be the case
> here).
Sure.  Just like login does.

Actually, what I would really like to see is the ability to mark
certain sections of code to be run as another user, but to do this
marking at build time rather than using an elevation and de-elevation
algorithm.  This avoids the problem of someone being able to in
non-elevated mode call elevate, as the code was immutably marked at
build time to run at whatever privilege level it was set to.

This is not UNIX's current model, and it might just be a half-brained
idea, but it seems to me it would get past the major weaknesses of
setuid programs.

Cheers...james


