Mark Stephen Dittmer
The UNIX Process Identity Crisis: A Standards-Driven Approach to Setuid
In this talk, I will present results from a standards-driven analysis of the setuid family of system calls. Setuid is a widely used system for privilege management, and some setuid functions are standardized by POSIX. My analysis includes an assessment of the quality of the standard, and a verification of five setuid implementations with respect to the standard. In the talk, I will discuss specific ways in which both the standard and implementations contribute to problems with setuid's usability and correctness. Towards the amelioration of these problems, I will discuss an alternative interface that wraps setuid, and argue for its superior usability and correctness.