From owner-freebsd-audit@FreeBSD.ORG  Tue Feb 17 08:17:12 2004
Return-Path: <owner-freebsd-audit@FreeBSD.ORG>
Delivered-To: freebsd-audit@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id EA8A316A4CE
	for <audit@FreeBSD.org>; Tue, 17 Feb 2004 08:17:12 -0800 (PST)
Received: from gandalf.online.bg (gandalf.online.bg [217.75.128.9])
	by mx1.FreeBSD.org (Postfix) with SMTP id B0F3B43D1F
	for <audit@FreeBSD.org>; Tue, 17 Feb 2004 08:17:11 -0800 (PST)
	(envelope-from roam@ringlet.net)
Received: (qmail 1402 invoked from network); 17 Feb 2004 16:15:46 -0000
Received: from office.sbnd.net (HELO straylight.m.ringlet.net)
	(217.75.140.130)
	by gandalf.online.bg with SMTP; 17 Feb 2004 16:15:46 -0000
Received: (qmail 81532 invoked by uid 1000); 17 Feb 2004 16:19:21 -0000
Date: Tue, 17 Feb 2004 18:19:20 +0200
From: Peter Pentchev <roam@ringlet.net>
To: audit@FreeBSD.org
Message-ID: <20040217161920.GB712@straylight.m.ringlet.net>
Mail-Followup-To: audit@FreeBSD.org,
	Jonathan Lennox <lennox@cs.columbia.edu>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="l76fUT7nc3MelDdI"
Content-Disposition: inline
User-Agent: Mutt/1.5.6i
cc: Jonathan Lennox <lennox@cs.columbia.edu>
Subject: [CFR] PR bin/56500: rpc.lockd needs to use reserved ports
X-BeenThere: freebsd-audit@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: FreeBSD Security Audit <freebsd-audit.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-audit>,
	<mailto:freebsd-audit-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-audit>
List-Post: <mailto:freebsd-audit@freebsd.org>
List-Help: <mailto:freebsd-audit-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-audit>,
	<mailto:freebsd-audit-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Feb 2004 16:17:13 -0000


--l76fUT7nc3MelDdI
Content-Type: text/plain; charset=windows-1251
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi,

Does anybody see any possible security problems with the fix proposed
in PR bin/56500, which makes rpc.lockd regain root privileges for long
enough to bind to a reserved RPC port?

G'luck,
Peter

--=20
Peter Pentchev	roam@ringlet.net    roam@sbnd.net    roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
This inert sentence is my body, but my soul is alive, dancing in the sparks=
 of your brain.

--l76fUT7nc3MelDdI
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQFAMj8I7Ri2jRYZRVMRAiHHAJ9bT9rE9vcv68kHgjgBq9zd72xryACdFkJm
Qqkrux1STitjM30nYCjSJRw=
=FpD2
-----END PGP SIGNATURE-----

--l76fUT7nc3MelDdI--