1 |
On 07/29/2018 09:16 PM, Ulrich Mueller wrote: |
2 |
> |
3 |
> Staying with the man:man example, how would anybody become the "man" |
4 |
> user, in the first place? That user has /bin/false as a shell and no |
5 |
> valid password. |
6 |
|
7 |
One way would be to exploit a process that's running as the "man" user. |
8 |
Ostensibly such a thing is possible; otherwise we wouldn't be dropping |
9 |
privileges in the first place. |
10 |
|
11 |
The shell/password settings for that user are also in no way guaranteed. |
12 |
|
13 |
But on principle: who cares, non-root users shouldn't be able to gain |
14 |
root =) |
15 |
|
16 |
|
17 |
> Setgid executables shouldn't be group writable |
18 |
|
19 |
Why not? I'm happy to pull that part back out. |