UNSAFE!
Authored by: hast on Jun 08, '04 01:33:46AM

Not safe!

A program can simply call seteuid(getuid()) and it will break out of the sandbox. This is because when a setuid program is exec()'ed it changes the effective uid to the owner of the file, changes the saved uid to the previous effective uid and leaves the real uid unchanged. The seteuid() call allows a program then to change the effective uid to the saved uid or the real uid. The real uid can be found using the getuid() call.

Setuid is meant for running programs with higher privileges, not for running unknown programs with lower privileges.

Also, the script changes the setuid bits before changing the owner. This creates a race condition where the unknown program can be run by anyone with your credentials.



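An added example, not part of the comment above or of the original hint: a small C model of the POSIX real/effective/saved uid rules, showing why exec() of a setuid file leaves the original uid reachable through seteuid(getuid()), while a setuid() call made as root does not. The uids 501 and 600 and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <sys/types.h>

/* The three user IDs POSIX tracks for every process. */
struct creds { uid_t ruid, euid, suid; };

/* exec() of a set-user-ID file: the effective and saved IDs become the
   file owner; the real ID stays that of the caller. */
static struct creds exec_setuid_file(struct creds c, uid_t owner) {
    c.euid = owner;
    c.suid = owner;
    return c;
}

/* seteuid(): an unprivileged process may pick its real or saved ID.
   Returns 0 on success, -1 where the real call would fail with EPERM. */
static int model_seteuid(struct creds *c, uid_t uid) {
    if (c->euid != 0 && uid != c->ruid && uid != c->suid) return -1;
    c->euid = uid;
    return 0;
}

/* setuid() called with effective uid 0: overwrites all three IDs, so
   nothing of the old identity remains. Only this case is modelled. */
static int root_drop(struct creds *c, uid_t uid) {
    if (c->euid != 0) return -1;
    c->ruid = c->euid = c->suid = uid;
    return 0;
}

/* 1 if a process holding these IDs can make `target` its effective uid. */
static int can_regain(struct creds c, uid_t target) {
    return model_seteuid(&c, target) == 0;
}

/* Constructed IDs: 501 = the user, 600 = owner of the "sandboxed" file. */
static int setuid_bit_sandbox_escapes(void) {
    struct creds user = {501, 501, 501};
    return can_regain(exec_setuid_file(user, 600), 501);
}

static int root_drop_escapes(void) {
    struct creds root = {0, 0, 0};
    root_drop(&root, 600);
    return can_regain(root, 501);
}

int main(void) {
    printf("setuid-bit sandbox can regain 501: %d\n", setuid_bit_sandbox_escapes());
    printf("root setuid(600) can regain 501:   %d\n", root_drop_escapes());
    return 0;
}
```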