From owner-freebsd-hackers Tue Jun 17 01:17:48 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id BAA02176 for hackers-outgoing; Tue, 17 Jun 1997 01:17:48 -0700 (PDT)
Received: from sax.sax.de (sax.sax.de [193.175.26.33]) by hub.freebsd.org (8.8.5/8.8.5) with SMTP id BAA02169 for ; Tue, 17 Jun 1997 01:17:45 -0700 (PDT)
Received: (from uucp@localhost) by sax.sax.de (8.6.12/8.6.12-s1) with UUCP id KAA00810 for hackers@FreeBSD.ORG; Tue, 17 Jun 1997 10:17:43 +0200
Received: (from j@localhost) by uriah.heep.sax.de (8.8.5/8.8.5) id XAA14923; Mon, 16 Jun 1997 23:05:39 +0200 (MET DST)
Message-ID: <19970616230539.ZT15015@uriah.heep.sax.de>
Date: Mon, 16 Jun 1997 23:05:39 +0200
From: j@uriah.heep.sax.de (J Wunsch)
To: hackers@FreeBSD.ORG
Subject: Re: (Fwd) Re: Serious potential IMAP problem
References: <199706161925.MAA11250@train.tgci.com>
X-Mailer: Mutt 0.60_p2-3,5,8-9
Mime-Version: 1.0
X-Phone: +49-351-2012 669
X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F 93 21 E0 7D F9 12 D6 4E
Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
In-Reply-To: <199706161925.MAA11250@train.tgci.com>; from Riley J. McIntire on Jun 16, 1997 12:25:30 +0000
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

As Riley J. McIntire wrote:

> Normally I just lurk on the hackers list, but at the risk of being
> flamed, thought this might generate some interest here as a possible
> enhancement to FreeBSD.

This is probably highly inflammable material. :) I will restrict the
number of my followups.

> > In good operating systems, there is a non-root state which equates to being
> > "not logged in"; it issue an unprivileged system call to log in with
> > authentication credentials in the call. The kernel validates the
> > authentication credentials and sets the process's user id on success.
> > I concur with this analysis.

I think this guy is simply looking through his NT view onto the world,
nothing else.
In NT, you gotta ``log in'' first in order to do anything. In Unix,
you run a process with your credentials, and you don't need to be
logged in (e.g. cron can run it on your behalf).

Providing such a metauser/-state would IMHO be just _the_ target for
hacking then, since you can afterwards assume any UID, including
root -- since if this state can be used to login a user, it must be
able to obtain Superuser privileges (in order to log in the
Superuser). Presumably, after authenticating him, but if some cracker
gets a similar process that doesn't authenticate, he got root.

The ``good operating system'' with its method has already been proven
that the requirement to always log in first also has its problems...
There are rumours that when you use their telnetd, the console user
suddenly switches to the identity of the telnetting user. :-O

--
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)