[OpenAFS-devel] [LKML] Re: In-kernel Authentication Tokens
(PAGs)
Jeffrey Hutzelman
jhutz@cmu.edu
Thu, 15 Jul 2004 18:11:07 -0400
On Thursday, July 15, 2004 13:37:21 +0100 David Howells
<dhowells@redhat.com> wrote:
> Yes. The problem is how do you distinguish between a SUID binary that
> needs your keys, and one that shouldn't be given them?
You don't. If you don't trust a program to do things as you, don't run it.
SUID executables are a way of giving a program _elevated_ privilege, not
reducing its privileges below those held by the user.
The is analoguous to the way local filesystem credentials are handled. If
you run a SUID program, it can switch to your UID and do anything as you.