> These should not remain in effect after the program that adds them
> completes (i.e. removed from the stack).  If you are convinced that they
> really do, you should probably report it as a bug....

I was flat-out wrong about this.  Thanks to Ed Fishel for reminding me how
this stuff works...(in a shameless attempt to provide a lousy reason for
being wrong, we designed and implemented

If the program does not reset the original contents, these changes DO
remain in affect!!!!!

Adopted authority is done by adding information to each stack-frame in a
process.  Therefore, when the stack-frame is removed, the adopted authority
goes away.

A swap (and setuid) changes the users and groups for a job.  Like a swap,
the setuid stuff is NOT removed when the program in a stack-frame that
caused the change is removed.

I apologize for providing incorrect information!!!!


Patrick Botz
Senior Technical Staff Member
eServer Security Architect
(507) 253-0917, T/L 553-0917
email: botz@xxxxxxxxxx



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2021 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.