From owner-cvs-all Sat Jul 8 15:23:44 2000
Delivered-To: cvs-all@freebsd.org
Received: from mass.osd.bsdi.com (adsl-63-193-112-57.dsl.snfc21.pacbell.net [63.193.112.57])
	by hub.freebsd.org (Postfix) with ESMTP id 1958737B62C;
	Sat, 8 Jul 2000 15:23:38 -0700 (PDT)
	(envelope-from msmith@mass.osd.bsdi.com)
Received: from mass.osd.bsdi.com (localhost [127.0.0.1])
	by mass.osd.bsdi.com (8.9.3/8.9.3) with ESMTP id PAA01325;
	Sat, 8 Jul 2000 15:30:13 -0700 (PDT)
	(envelope-from msmith@mass.osd.bsdi.com)
Message-Id: <200007082230.PAA01325@mass.osd.bsdi.com>
X-Mailer: exmh version 2.1.1 10/15/1999
To: Dag-Erling Smorgrav
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/crypto/openssh sshd.c
In-reply-to: Your message of "08 Jul 2000 12:33:51 +0200."
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sat, 08 Jul 2000 15:30:13 -0700
From: Mike Smith
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> Wes Morgan writes:
> > I hope that there is no way ever in 1e6 years that someone will be able to
> > subvert /proc/curproc and get sshd to execute the program of his choice as
> > root when it gets HUP'd. I can't think of any way possible, but there are
> > 6 billion people out there besides me.
>
> Well, for starters, /proc might not be mounted, and an 3v1l h4xx0r
> might be able to trick a root-owned process into creating
> /proc/curproc/file.

At which point about a billion other security holes are also opened.

Your argument holds equally well for suggesting that "secure" programs
should never read configuration files either.

-- 
... every activity meets with opposition, everyone who acts has his
rivals and unfortunately opponents also. But not because people want
to be opponents, rather because the tasks and relationships force
people to take different points of view. [Dr. Fritz Todt]

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message