search

ravthan / all-eyes

Automatically exported from code.google.com/p/all-eyes
0 stars 0 forks source link

Suggest add call to setgid() for dropping privilleges #63

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
File ae.c, the function dropPrivileges() calls the setuid() to drop to user 
monUserId. Suggest that we add the call setgid() as well to close the tiny 
window of group privilege issue. Please note that there is the code to make 
sure that the 'ae' daemon can be only called by the root user (see main() where 
if (geteuid() != 0){...}). Therefore, the combination of calls

setgid()
setuid()

can effectively drop to user monUserId and protect us from attacks.

Original issue reported on code.google.com by toddd...@gmail.com on 8 Nov 2012 at 5:52

GoogleCodeExporter commented 8 years ago 
Correct see the aeproxy.c launcher

Original comment by tbrt....@gmail.com on 9 Nov 2012 at 11:57

GoogleCodeExporter commented 8 years ago 
Fixed. 

r733

Original comment by ravt...@gmail.com on 10 Nov 2012 at 5:03

GoogleCodeExporter commented 8 years ago 
Verified with unit testing

Original comment by tbrt....@gmail.com on 9 Dec 2012 at 9:24