Re: Interesting suid problem



Because we have 1500+ users which are added
every semester and EVERYONE needs to be able
to read it. There are three different levels
of access which are determined upon startup
by which group you are in (nothing special,
worker, or manager). The access is software
enforced and what we want is to make it so
normal users cannot read the password file.
If they could, they'd be able to just login
to the DB and issue commands, viewing information
about other users which they should not
be able to view.

Jeff Shipman           E-Mail: jeff nmt edu
Systems Programmer     Phone: (505) 835-5748
NMIMT Computer Center  http://www.nmt.edu/~jeff

On 21 Feb 2002, Sven Neumann wrote:

} Hi,
}
} Jeff Shipman - SysProg <jeff nmt edu> writes:
}
} > I have a situation where I am using GTK as
} > a frontend for a databse we have. Everything
} > is fine except for the fact that I want to
} > keep the database password secure. I do
} > not want to store it in the program for
} > obvious reasons so I thought I would save
} > it in an external file and have the program
} > read it on startup. The only decent way that
} > I know of to do this have a special user
} > which can read the file and have the program
} > setuid to run as that user. However, gtk
} > doesn't like being run setuid.
}
} If you make your GTK+ app run setuid you can as well make the passwd
} file readable by everyone.  How about making the file readable by
} members of a special group and add authorized users to that group ?
}
}
} Salut, Sven
}




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]