[linux-lvm] lvcreate from a setuid-root binary
Christoph Pleger
christoph.pleger at cs.uni-dortmund.de
Mon Nov 19 08:55:07 UTC 2018
Hello,
On 2018-11-17 01:24, Alasdair G Kergon wrote:
> On Fri, Nov 16, 2018 at 02:43:10PM +0100, Christoph Pleger wrote:
>> I get security by checking the real user id at the beginning of the
>> program and aborting the program if that uid does not belong to the
>> only
>> user who is allowed to run the program.
>
> Sounds familiar. Shall I tell you one of those stories?
> ...
> ...
> ...
My program calls getpwuid() with the real user id of the calling user
and then compares this user's name with the name of the one and only
user who is allowed to continue program execution. Do you think that
this can be circumvented?
Regards
Christoph
More information about the linux-lvm
mailing list