From owner-freebsd-security  Fri May 17 21:17:37 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id VAA22315
          for security-outgoing; Fri, 17 May 1996 21:17:37 -0700 (PDT)
Received: from bdd.net ([207.61.78.33])
          by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id VAA22310
          for <security@FreeBSD.org>; Fri, 17 May 1996 21:17:34 -0700 (PDT)
Received: from localhost (james@localhost) by bdd.net (8.7.5/8.7.3) with SMTP id AAA02356; Sat, 18 May 1996 00:17:26 -0400 (EDT)
Date: Sat, 18 May 1996 00:17:24 -0400 (EDT)
From: James FitzGibbon <james@nexis.net>
To: Glen Foster <gfoster@gfoster.com>
cc: security@FreeBSD.org
Subject: Re: cvs commit: src/sbin Makefile
In-Reply-To: <199605171948.PAA00619@ptavv.nsta.org>
Message-ID: <Pine.BSI.3.93.960518001608.2342B-100000@bdd.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

On Fri, 17 May 1996, Glen Foster wrote:

> How about rather than changing the Makefile to not install suid, the
> full path of modload be referenced in the source.  Preserves the suid
> functionality and defeats the symlink attack.

Alternatively, the union fs could be set as only available statically,
couldn't it?  If it didn't try to load an lkm, modload would never be
referenced, by relative or absolute path.



--
j.

----------------------------------------------------------------------------
| James FitzGibbon                                         james@nexis.net |
| Integrator, The Nexis Group                     Voice/Fax : 416 410-0100 |
----------------------------------------------------------------------------