From owner-freebsd-security Sun Dec 22 16:48:14 1996 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id QAA29683 for security-outgoing; Sun, 22 Dec 1996 16:48:14 -0800 (PST) Received: from root.com (implode.root.com [198.145.90.17]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id QAA29678 for ; Sun, 22 Dec 1996 16:48:12 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by root.com (8.7.6/8.6.5) with SMTP id QAA23206; Sun, 22 Dec 1996 16:47:02 -0800 (PST) Message-Id: <199612230047.QAA23206@root.com> X-Authentication-Warning: implode.root.com: Host localhost [127.0.0.1] didn't use HELO protocol To: Victor Rotanov cc: cschuber@uumail.gov.bc.ca, freebsd-security@FreeBSD.org Subject: Re: seems like procfs bug... In-reply-to: Your message of "Sun, 22 Dec 1996 19:54:38 GMT." From: David Greenman Reply-To: dg@root.com Date: Sun, 22 Dec 1996 16:47:02 -0800 Sender: owner-security@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk >> > Heres the problem: >> > >> > There is r-xr-xr-x file in rwx------ directory. >> > When i run it, everyone is able to read it from /proc//file. >> > Seems like a bug, eh? >> > >> >> >> Maybe I'm missing something. I can't reproduce your problem on my 2.1.5 >> systems. > >I'm running 2.2 and i never tried this on 2.1.5. 2.1.5 had the 'file' disabled because it didn't work right. We should probably kill it in 2.2, too, but only because it isn't very useful and (as you've pointed out) creates a security hole. -DG David Greenman Core-team/Principal Architect, The FreeBSD Project