Re: Can user A kill any root process that's seteuid(A)?
Re: Can user A kill any root process that's seteuid(A)?
- Subject: Re: Can user A kill any root process that's seteuid(A)?
- From: Justin Walker <email@hidden>
- Date: Tue, 19 Apr 2005 21:24:39 -0700
On Apr 19, 2005, at 15:29, Dan Bernstein wrote:
I hope the following is not too off-topic for darwin-dev.
This is the right list.
It seems to be possible for user A to kill -9 a process whose saved
set-user-ID is 0 (root) and effective user ID is A's.
Yup. Check 'man 2 kill' for details.
Is there any way for a process to avoid getting killed like that when
doing, say, a seteuid(A)-fopen()-seteuid(0) sequence to access a file
under A's permissions (like pppd does with ~/.ppprc)?
I am not aware of any way to do this. The only issue is permission,
which is dictated by the uids of the sending and receiving processes.
If they match, the signal is sent. Some signals can be caught or
ignored, which may help somewhat, but some cannot be caught or ignored
(e.g., SIGKILL).
I can't say whether this will change in 10.4, but up through 10.3, this
is my understanding of how things work.
Regards,
Justin
--
Justin C. Walker, Curmudgeon-At-Large
Institute for General Semantics
--------
When LuteFisk is outlawed,
Only outlaws will have LuteFisk
--------
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden