Date: Sun, 15 Nov 1998 15:10:26 -0700
From: Warner Losh <imp@village.org>
To: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
Cc: Matthew Dillon <dillon@apollo.backplane.com>, hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: Would this make FreeBSD more secure?
Message-ID: <199811152210.PAA01604@harmony.village.org>
In-Reply-To: Your message of "Sun, 15 Nov 1998 19:22:24 +0100." <19981115192224.A29686@internal>
References: <19981115192224.A29686@internal> <19981115161548.A23869@internal> <199811151758.JAA15108@apollo.backplane.com>
In message <19981115192224.A29686@internal> Andre Albsmeier writes:
: > * xterm (suid root for utmp access)
:
: Yes, this is another candidate. Is the setuid root permission really only
: used to access /var/run/utmp?

No. xterm uses it to chown the pty to the user. It would be hard for the device to chown itself when opened, since devices operate below the file system.... xterm tosses its setuid-ness quickly. There is a window in xterm for attack, should it do its data copies or file creation in a sloppy manner.

I don't think that low port binding restrictions would be worth it. What does it really buy you? Little, imho. If an intruder breaks the daemon, you can run arbitrary code as that user, and then be a "trusted" user on the network, which would likely make it easy to gain root from there. I think that it will complicate things too much for the small security gains that you'll get from it. Just my opinion, mind you.

Likewise for other pseudo capabilities. A full blown one might help, but I remain skeptical.

Back to the original thread, I'm not sure how making more programs setgid would help system security. Small ones that are easy to audit have proven, in the past, that too many programmers don't know how to use C's APIs in the face of a malicious attacker[*]. Larger programs seem to me to be asking for trouble. Problems may also arise in the long term as the pw acquires new meanings that early adopters weren't aware of. Look at how /etc/shells has grown from just being those users that can login to ftp, to being much, much more...

Warner

[*] Don't flame 'c' unless you have a complete system in place to take its place that performs as well. We've had that flame war here too recently for everyone to have lost their mind :-). Even the internet doesn't lose its mind that quickly :-).