From owner-freebsd-isdn  Mon Jan  4 11:31:09 1999
Return-Path: <owner-freebsd-isdn@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id LAA22503
          for freebsd-isdn-outgoing; Mon, 4 Jan 1999 11:31:09 -0800 (PST)
          (envelope-from owner-freebsd-isdn@FreeBSD.ORG)
Received: from silver.gn.iaf.nl (silver.gn.iaf.nl [193.67.144.11])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA22491
          for <freebsd-isdn@FreeBSD.ORG>; Mon, 4 Jan 1999 11:31:02 -0800 (PST)
          (envelope-from wilko@yedi.iaf.nl)
Received: from uni4nn.gn.iaf.nl (osmium.gn.iaf.nl [193.67.144.12])
	by silver.gn.iaf.nl (8.8.8/8.8.8) with SMTP id UAA01681;
	Mon, 4 Jan 1999 20:30:29 +0100
Received: by uni4nn.gn.iaf.nl with UUCP id AA11728
  (5.67b/IDA-1.5); Mon, 4 Jan 1999 20:19:35 +0100
Received: (from wilko@localhost) by yedi.iaf.nl (8.8.8/8.6.12) id UAA01275; Mon, 4 Jan 1999 20:06:13 +0100 (CET)
From: Wilko Bulte <wilko@yedi.iaf.nl>
Message-Id: <199901041906.UAA01275@yedi.iaf.nl>
Subject: Re: regexp program
In-Reply-To: <m0zx5rP-0000fOC@hcswork.hcs.de> from Hellmuth Michaelis at "Jan 4, 99 09:59:39 am"
To: hm@hcs.de
Date: Mon, 4 Jan 1999 20:06:13 +0100 (CET)
Cc: freebsd-isdn@FreeBSD.ORG
X-Organisation: Private FreeBSD site - Arnhem, The Netherlands
X-Pgp-Info: PGP public key at 'finger wilko@freefall.freebsd.org'
X-Mailer: ELM [version 2.4ME+ PL38 (25)]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isdn@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

As Hellmuth Michaelis wrote...
> >From the keyboard of Wilko Bulte:
> 
> > Why is it that isdnd requires the regprog to live under /etc/isdn?
> 
> I thought it were a bit more secure.

Security is a concern, true. It would be the (sick) hack of the century if you could
stick a regexp/regprog in somebody's isdnd.rc that did (e.g) 'dd if=/dev/zero
of=/dev/rsd0c' or something similar after you called him :-\ I'm a bit doubtful
whether it makes much difference if the regprog is in /etc/isdn or somewhere else.

In that respect I'd say it might make sense to not execute the regprog as root.
It looks like isdnd/exec.c just execs whatever you feed it. Maybe a setuid(nobody)
first?

Wilko
_     ______________________________________________________________________
 |   / o / /  _  Bulte 				  email: wilko@yedi.iaf.nl 
 |/|/ / / /( (_) Arnhem, The Netherlands          WWW  : http://www.tcja.nl
______________________________________________ Powered by FreeBSD __________

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isdn" in the body of the message