The Linux Programming Interface > Writing Secure Privileged Programs > Is a Set-User-ID or Set-Group-ID Program Required? - Pg. : Safari Books Online

Table of Contents

Download Safari Books Online apps: Apple iOS | Android

Entire Site

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

This Book

The Linux Programming Interface

The Linux Programming Interface

Search

Contents

Praise for The Linux Programming Interface

Ch. 1. History and Standards

Ch. 2. Fundamental Concepts

Ch. 3. System Programming Concepts

Ch. 4. File I/O: The Universal I/O Model

Ch. 5. File I/O: Further Details

Ch. 6. Processes

Ch. 7. Memory Allocation

Ch. 8. Users and Groups

Ch. 9. Process Credentials

Ch. 11. System Limits and Options

Ch. 12. System and Process Information

Ch. 13. File I/O Buffering

Ch. 14. File Systems

Ch. 15. File Attributes

Ch. 16. Extended Attributes

Ch. 17. Access Control Lists

Ch. 18. Directories and Links

Ch. 19. Monitoring File Events

Ch. 20. Signals: Fundamental Concepts

Ch. 21. Signals: Signal Handlers

Ch. 22. Signals: Advanced Features

Ch. 23. Timers and Sleeping

Ch. 24. Process Creation

Ch. 25. Process Termination

Ch. 26. Monitoring Child Processes

Ch. 27. Program Execution

Ch. 28. Process Creation and Program Execution in More Detail

Ch. 29. Threads: Introduction

Ch. 30. Threads: Thread Synchronization

Ch. 31. Threads: Thread Safety and Per-Thread Storage

Ch. 32. Threads: Thread Cancellation

Ch. 33. Threads: Further Details

Ch. 34. Process Groups, Sessions, and Job Control

Ch. 35. Process Priorities and Scheduling

Ch. 36. Process Resources

Ch. 37. Daemons

Ch. 38. Writing Secure Privileged Programs

Is a Set-User-ID or Set-Group-ID Program Required?

Operate with Least Privilege

Be Careful When Executing a Program

Avoid Exposing Sensitive Information

Confine the Process

Beware of Signals and Race Conditions

Pitfalls When Performing File Operations and File I/O

Don't Trust Inputs or the Environment

Beware of Buffer Overruns

Beware of Denial-of-Service Attacks

Check Return Statuses and Fail Safely

Ch. 39. Capabilities

Ch. 40. Login Accounting

Ch. 41. Fundamentals of Shared Libraries

Ch. 42. Advanced Features of Shared Libraries

Ch. 43. Interprocess Communication Overview

Ch. 44. Pipes and FIFOs

Ch. 45. Introduction to System V IPC

Ch. 46. System V Message Queues

Ch. 47. System V Semaphores

Ch. 48. System V Shared Memory

Ch. 49. Memory Mappings

Ch. 50. Virtual Memory Operations

Ch. 51. Introduction to POSIX IPC

Ch. 52. POSIX Message Queues

Ch. 53. POSIX Semaphores

Ch. 54. POSIX Shared Memory

Ch. 55. File Locking

Ch. 56. Sockets: Introduction

Ch. 57. Sockets: UNIX Domain

Ch. 58. Sockets: Fundamentals of TCP/IP Networks

Ch. 59. Sockets: Internet Domains

Ch. 60. Sockets: Server Design

Ch. 61. Sockets: Advanced Topics

Ch. 62. Terminals

Ch. 63. Alternative I/O Models

Ch. 64. Pseudoterminals

Appx. A. Tracing System Calls

Appx. B. Parsing Command-Line Options

Appx. C. Casting the NULL Pointer

Appx. D. Kernel Configuration

Appx. E. Further Sources of Information

Appx. F. Solutions to Selected Exercises

Appx. G. Updates

URL

Help

38.1. Is a Set-User-ID or Set-Group-ID Program Required?

One of the best pieces of advice concerning set-user-ID and set-group-ID programs is to avoid writing them whenever possible. If there is an alternative way of performing a task that doesn’t involve giving a program privilege, we should generally employ that alternative, since it eliminates the possibility of a security compromise.

Sometimes, we can isolate the functionality that needs privilege into a separate program that performs a single task, and exec that program in a child process as required. This technique can be especially useful for libraries. One example of such a use is provided by the pt_chown program described in Section 64.2.2.

You are currently reading a PREVIEW of this book.

Get instant access to over
$1 million worth of books and videos.

Start a Free Trial