Date: Mon, 11 Aug 1997 22:52:23 +0400 (MSD)
From: =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= <ache@nagual.pp.ru>
To: Sean Eric Fagan <sef@Kithrup.COM>
Cc: FreeBSD-current <current@FreeBSD.ORG>, security@FreeBSD.ORG, Bruce Evans <bde@zeta.org.au>
Subject: Re: procfs patch
Message-ID: <Pine.BSF.3.96.970811224051.5953A-100000@lsd.relcom.eu.net>
In-Reply-To: <199708111521.IAA07362@kithrup.com>

On Mon, 11 Aug 1997, Sean Eric Fagan wrote:

> >Comparing uids gains absolutely nothing.
>
> Yes, it does: it makes it useful.

Useful for what? Even if they are equal at the moment you check, it does not mean that the program was not setuid before your check and does not have secret data in memory.

> >The program can change uids many times and finally do an allowed combination.
> >But "interesting" code or data from previous superuser mode can still be left
> >in the memory.
>
> My patch is no different than the situation with core files. If a process
> has your UID, you can make it dump core, and then examine its data. This is
> an extension of that.

As I already wrote you, it is false in the general case. If a program was setuid, you can't make a core from it even if it currently runs with your UID. I don't see an extension here but an old security hole (a core-like one) reopening, as I warned already.

> Gosh, that's what I had originally, and everyone didn't like *that*.
> (Frankly, neither did I.)

Now I like Bruce's idea that the exec call should fail if procfs memory is open and a setuid program is executed.

--
Andrey A. Chernov
<ache@null.net>
http://www.nagual.pp.ru/~ache/
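
A small C model of the two points argued in this message, added here as an illustration and not taken from the thread, the patch, or FreeBSD source: a uid comparison at open time passes for a process that was setuid and then dropped privileges, while a check that also remembers set-id history refuses it, and exec of a setuid image is refused while the process's procfs memory is open. All struct, field and function names are hypothetical, and the uids are constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical model of a process; not FreeBSD's struct proc. */
struct model_proc {
    uid_t ruid, euid;  /* real and effective uid */
    bool  sugid;       /* gained set-id privileges at its last exec */
    int   mem_openers; /* open descriptors on this process's procfs mem */
};

/* exec: refused when a setuid image would start while its memory is
 * already open through procfs (the exec-fails rule from the message). */
bool model_exec(struct model_proc *p, bool setuid_image, uid_t owner)
{
    if (setuid_image && p->mem_openers > 0)
        return false;
    p->sugid = setuid_image;
    if (setuid_image)
        p->euid = owner;
    return true;
}

/* Dropping privileges resets the uid but leaves memory and history alone. */
void model_drop_privs(struct model_proc *p) { p->euid = p->ruid; }

/* Check 1: compare uids at the moment of the open. */
bool uid_only_check(uid_t caller, const struct model_proc *t)
{
    return caller == 0 || (caller == t->ruid && caller == t->euid);
}

/* Check 2: same, but also refuse a target that was setuid since exec. */
bool history_aware_check(uid_t caller, const struct model_proc *t)
{
    return caller == 0 || (uid_only_check(caller, t) && !t->sugid);
}

int main(void)
{
    /* Constructed scenario: uid 1001 runs a setuid-root image that drops back. */
    struct model_proc p = { 1001, 1001, false, 0 };
    model_exec(&p, true, 0);
    model_drop_privs(&p);
    printf("uid-only: %d, history-aware: %d\n",
           uid_only_check(1001, &p), history_aware_check(1001, &p));
    return 0;
}
```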