On Wed, Aug 31, 2005 at 11:18:19PM +0400, Michael Bushkov wrote: > >On Tue, Aug 30, 2005 at 05:32:52PM +0400, Michael Bushkov wrote: > >>We can't ensure that, I guess. In the upcoming version (before the 1st of > >>September), the cache would be per-user. This would solve all the security > >>problems. In a little while, I'll implement the ability for cached to act > >>as nscd. So you'll be able to choose the behaviour. > >What about setuid/setgid programs then? > >setuid root programs can use root's cache, perhaps a similar thing could > >be done for other setuid programs, but what about setgid? > >perhaps don't cache at all for set*id programs (issetugid(2))? > Per-user cache uses euid as the user identifier. So every setuid program > will use the cache, which corresponds to its euid. > But how can setgid affect the cache operations? Do you see some potential > issue? User X puts some garbled information in the cache for his uid, then starts a setgid program. That setgid program will use the bad data in the cache which is potentially exploitable. -- Jilles TjoelkerReceived on Wed Aug 31 2005 - 17:48:17 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:42 UTC