Date: Wed, 19 Feb 1997 04:54:41 -0800 From: David Greenman <dg@root.com> To: Andrew Kosyakov <caseq@magrathea.chance.ru> Cc: rbezuide@oskar.nanoteq.co.za (Reinier Bezuidenhout), jas@flyingfox.COM, security@freebsd.org Subject: Re: Coredumps and setuids .. interesting.. Message-ID: <199702191254.EAA12072@root.com> In-Reply-To: Your message of "Wed, 19 Feb 1997 15:34:56 %2B0300." <199702191234.PAA10870@magrathea.chance.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
>Perhaps, many people fixed their libc since that similar case with wu-ftpd. >The solution is to patch dbm code the zero out all memory being free()'d, so >that when password database is closed by endpwent() called from some >getpwname(), all passwords (except the one being returned) are erased from >memory. The following changes were suggested by someone from OpenBSD project, >but still work great for FreeBSD (the file in question is in >/usr/src/lib/libc/db/hash/): No, this isn't a good solution. It only deals with one type of sensitive data (encrypted passwords), and doesn't really "solve" the problem (e.g. you could still get it to coredump prior to it having a chance to zero everything out). The only "correct" solution is to not allow processes with potentially sensitive data (setuid, setgid) to coredump in the first place. -DG David Greenman Core-team/Principal Architect, The FreeBSD Project
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199702191254.EAA12072>