dma user config
dillon at apollo.backplane.com
Sun Feb 3 13:55:01 PST 2008
:Running a setuid root binary or having root starting a setuid process=20
:doesn't make much of a difference, no?
Huge difference. A suid-root binary is run by a user, in a context
provided by the user. e.g. environment variables, current directory,
resource limits, and other things. It's a huge security hole.
A root process run by another root process is run in a context
controlled by that other root process and not the user.
It is much, much safer to start as root and drop privileages in a
controlled environment then it is to start as a user and increase
privileages by exec'ing a suid-root binary.
More information about the Kernel