
    BEGIN {
        # runs at compile time, before the rest of the program is parsed
        $API = new Backend($ENV{credentials});   # consume the secret once
        delete $ENV{credentials};                # then scrub it from the environment
    };
Filesystem permissions do not make it possible for a program to internally partition access to those credentials unless you (a) start it as root, or (b) delete the credentials file after reading it.
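
An added example, not code from the thread, written in Python rather than Perl so it runs as-is: a parent hands a secret to a child in the environment, the child consumes it at startup and scrubs it (the BEGIN-block pattern above), and then checks what the scrub actually hides. The variable name mirrors the thread's $ENV{credentials}; the secret value is constructed.

```python
import os
import subprocess
import sys

CRED_VAR = "credentials"  # same name the thread's $ENV{credentials} uses

# What the child runs: take the secret once and unsetenv() it (the BEGIN-block
# step), then look at two places a same-UID observer could still find it.
CHILD_SCRIPT = r"""
import os, subprocess, sys
var = sys.argv[1]
secret = os.environ.pop(var)          # read, then delete from environ[]
grandchild = subprocess.run(
    [sys.executable, "-c", "import os, sys; print(os.environ.get(sys.argv[1], ''))", var],
    capture_output=True, text=True)
try:
    raw = open("/proc/self/environ", "rb").read()   # Linux: the exec-time env block
    leaked = secret.encode() in raw
except OSError:
    leaked = None                                   # no procfs on this platform
print(var in os.environ, repr(grandchild.stdout.strip()), leaked)
"""

def run_child(secret):
    """Start the child with the secret in its exec-time environment and return
    what it found: still in environ? visible to its own child? still in /proc?"""
    env = dict(os.environ, **{CRED_VAR: secret})
    out = subprocess.run([sys.executable, "-c", CHILD_SCRIPT, CRED_VAR],
                         env=env, capture_output=True, text=True, check=True)
    in_environ, grandchild_saw, leaked = out.stdout.split()
    return {
        "in_environ": in_environ == "True",
        "grandchild_saw_secret": grandchild_saw != "''",
        # unsetenv(3) unlinks the pointer but leaves the bytes on the stack, so
        # /proc/<pid>/environ, readable by any process with the same UID, keeps it
        "proc_environ_leaks": {"True": True, "False": False, "None": None}[leaked],
    }

if __name__ == "__main__":
    print(run_child("hunter2-constructed"))  # constructed sample secret
```

The scrub does keep the secret out of later subprocesses, but on Linux it stays readable in /proc/<pid>/environ to anything running as the same user, which is the same within-one-UID limit the comment above describes for files.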



A user process can start subprocesses under different users, without access permissions to the files owned by the parent. The most obvious way to do so is to use sudo.


Using a setuid helper (even if it's called sudo) is still starting a program as root.


Not necessarily; sudo on Fedora has CAP_SETUID instead of the setuid bit, so it doesn't actually run as root.

http://fedoraproject.org/wiki/Features/RemoveSETUID


But CAP_SETUID, unless I'm confusing it with something else, can be used to set the UID to 0 and thereby gain all the same privileges as if the program had been started as root, can't it? Presumably it has some advantage that I'm not getting – does it have to be combined with e.g. SELinux to be useful?



