Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.


  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint
Share this Page URL
Help

38. Writing Secure Privileged Programs > Be Careful When Executing a Program

Be Careful When Executing a Program

Caution is required when a privileged program executes another program, either directly, via an exec(), or indirectly, via system(), popen(), or a similar library function.

Drop privileges permanently before execing another program

If a set-user-ID (or set-group-ID) program executes another program, then it should ensure that all process user (group) IDs are reset to the same value as the real user (group) ID, so that the new program doesn’t start with privileges and also can’t reacquire them. One way to do this is to reset all of the IDs before performing the exec(), using the techniques described in Section 38.2.


  

You are currently reading a PREVIEW of this book.

                                                                                                                    

Get instant access to over $1 million worth of books and videos.

  

Start a Free Trial


  
  • Safari Books Online
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint