[Coco] setuid? wasRe: Telnet to your CoCo.. and invite 6 of your friends
Willard Goosey
goosey at virgo.sdc.org
Sun Nov 29 03:44:52 EST 2009
On Sat, Nov 28, 2009 at 08:37:21PM -0800, Wayne Campbell wrote:
>OS-9 allows you to set access permissions based on the attributes of
>the file/folder/program. In order for a user to use a program, they
>have to have permission to access the directory, and the file and/or
>program to use it.
>
True. The filesystem's security seems to work fine.
> With this in mind, one can establish a userlevel that makes it
> possible to prevent users with lower access levels from using or
> accessing things requiring higher access levels. Is this not the
> case with OS-9?
Actually, that's the part we're trying to figure out... ;-)
Just like in UNIX there's a setuid() system call. If it makes even a
reasonable attempt to be secure (only user 0 is allowed to setuid)
then we're pretty much OK.
However, Tandy's documentation says it doesn't. It claims any user
can setuid to any other user-number.
So, I tried to test this with a C version of su(1) from Rainbow. The
binary was corrupt, so I had to recompile it... And it worked
properly. User 0 can setuid to any user number, but other users aren't
allowed to.
Just to make this further ambiguous, the Microware C manual says that
setuid() only works for user 0. The manual for Kreider C lib agrees,
but provides asetuid(), which succeeds even if you aren't user 0!
Someone's going to have to either try an assembly version of su or
read the source.
And not me (at least not tonight)! I've got other things to hack
tonight. Starting with the dished. :-(
Willard
--
Willard Goosey goosey at sdc.org
Socorro, New Mexico, USA
I search my heart and find Cimmeria, land of Darkness and the Night.
-- R.E. Howard
More information about the Coco
mailing list