Date: 09 Jul 2000 00:30:56 +0200
From: Dag-Erling Smorgrav <des@flood.ping.uio.no>
To: Mike Smith <msmith@FreeBSD.org>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/crypto/openssh sshd.c
Message-ID: <xzpd7ko9rvj.fsf@flood.ping.uio.no>
In-Reply-To: Mike Smith's message of "Sat, 08 Jul 2000 15:30:13 -0700"
References: <200007082230.PAA01325@mass.osd.bsdi.com>

Mike Smith <msmith@FreeBSD.org> writes:
> > Well, for starters, /proc might not be mounted, and an 3v1l h4xx0r
> > might be able to trick a root-owned process into creating
> > /proc/curproc/file.
> At which point about a billion other security holes are also opened.
> Your argument holds equally well for suggesting that "secure" programs
> should never read configuration files either.

Agreed; I withdraw my objections.

DES
--
Dag-Erling Smorgrav - des@flood.ping.uio.no

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpd7ko9rvj.fsf>