Berkeley CSUA MOTD:2009:March:08 Sunday <Saturday, Monday>
Berkeley CSUA MOTD
2009/3/8-17 [Computer/SW/Unix] UID:52685 Activity:kinda low
3/8     I'm reading about an old exploit where someone used a buffer overflow
        in a printer daemon to get "daemon privileges," which allowed them
        to use another exploit on the mail delivery program to get root.  I'm
        not sure what daemon privileges are.  Is there some set of priveleges
        that most daemons run on that is higher than user but lower than root?
        What are they?  I've never heard this before.
        \_ It used to be common to run daemons as a user named "daemon".  The
           daemon account doesn't have any special privileges, but if all your
           daemons are running in a single account, anyone who breaks into the
           account gets access to all of them.  Modern systems run each daemon
           as a separate user, so if you break into apache you only get access
           to the "www" account or whatever.
           \_ And to expound, usually these users like 'daemon' and 'apache'
              are given *less privilege* than a normal user - at least to the
              extent that is possible with UNIX permissions. For instance,
              they have no login shell.
           \_ Ok, thanks.  So, I guess the idea here is that the mail delivery
              program was running as daemon, but hadn't dropped root
              \_ Probably the deal was that the mail daemon had a function
                 which runs as root, but only allows programs running as
                 daemon to access it.  So once you can run arbitrary code
                 as daemon, you can run the mail function as root.  -tom
2009/3/8-17 [Politics/Domestic/President/Clinton, Politics/Domestic/Election] UID:52686 Activity:kinda low
        Obama has no idea what the fuck he's doing -Dem
        \_ A Democrat who reads the American Spectator? Really?
           \_ The GOP has fucked things up in ways you cannot imagine, but this
              does not equate to the Dems knowing what the fuck they're doing.
              We're all fucked!  I'll let you know when I seee the Dems getting
              on the right track. -Dem
        \_ Cult of personality figures tend not to.
        \_ This is a slightly nicer web site than freerepublic. Kudos!
        \_ Both parties love Big Government:
Berkeley CSUA MOTD:2009:March:08 Sunday <Saturday, Monday>