[X-Unix] Security content of the Mac OS X 10.3.9 Update
Matthew Barr
mbarr at mbarr.net
Mon Apr 18 08:29:16 PDT 2005
On Apr 18, 2005, at 11:22 AM, Albert Lunde wrote:
> On Mon, Apr 18, 2005 at 11:16:18AM -0400, Matthew Barr wrote:
>> What I'm concerned about is things like spamd, a part of spamassassin.
>> It runs as a user, then setuid's to the user running the client. This
>> allows it to use a bunch of config files and db's as the user
>> directly... It sounds like it'll be dead if you add in 10.3.9. We'll
>> have to see.
>
> Is it a binary or a script (perl/shell/python etc).
>
> If it's a binary there's no problem.
>
> Also, note that this is not talking about programs like Apache httpd
> that are started as root, then execute "setuid" or "setgid" system
> calls, to change their effective permissions: that's something
> different.
OK.. good.
It's a binary, and it probably operates in some ways like Apache. It's
started as root, then changes the children to another user while
running, then goes back to being root again. Not using it for scripts
is OK.. I was worried much more about binaries.
Matthew
Matthew Barr
Managing Partner
Datalyte Consulting, LLC
Apple Authorized Reseller
mailto:mbarr at datalyte.com
cell: (646) 765-6878
More information about the X-Unix
mailing list