Date: Wed, 17 Aug 2005 02:06:33 +0400
From: "Dmitry V. Levin"
To: ALT Devel discussion list
Subject: Re: [devel] Re: suid/sgid programs and temporary files
Message-ID: <20050816220633.GA7730@basalt.office.altlinux.org>
References: <20050816193136.GT19097@solemn.turbinal.org> <20050816195629.GB2637@basalt.office.altlinux.org> <20050816214256.GV19097@solemn.turbinal.org>
In-Reply-To: <20050816214256.GV19097@solemn.turbinal.org>

On Wed, Aug 17, 2005 at 01:42:56AM +0400, Alexey Tourbin wrote:
> On Tue, Aug 16, 2005 at 11:56:29PM +0400, Dmitry V. Levin wrote:
> > > The conditions of the underlined check can be translated roughly as
> > > st.st_uid > 10 && st.st_uid != getuid()
> > >
> > > Question: is it good that the real uid is used here? Wouldn't it be
> > > better to check the effective uid?
> >
> > That depends on the semantics of the module.
> > In other words, on what it is intended for.
>
> The module is intended for the safe creation of temporary files.
> The semantics are, roughly speaking, the same as those of mktemp(1).
>
> When a temporary file is created with `mktemp -t prog.XXXXXX`, I don't
> know whether mktemp checks the *directory* in which the temporary
> file will be created. If the directory belongs neither to root (st_uid > 10) nor to us, then
> "someone" (a potential attacker) can simply replace
> the temporary file (delete the old one and create a new one in its place).
> The possibility of replacement remains if the directory is writable
> by anyone else (and is not protected by the sticky bit).

mktemp does not check $TMPDIR for safety.

By the way, passing a temporary file by name is unsafe in itself;
this topic was discussed a year or two or three ago on mailing lists such as bugtraq.
The way out is to use mkstemp(3), which returns an open descriptor;
in that case the file can be located anywhere, and a problem can arise
only with its removal.

> > Given the information contained in the comment, I get
> > the feeling that checking the effective uid would be more logical.
>
> This is especially relevant for suid scripts. If Vasily runs
> a suid script that creates a temporary file in ~/tmp (the directory is considered
> safe because getuid() == Vasily), then the temporary file can
> be replaced. On the other hand, if the check
> geteuid() == Vasily were performed, the directory ~/tmp would no longer be considered safe.

This strengthens the point of view that geteuid should be used.

-- 
ldv