Date: Mon, 16 Nov 1998 22:13:04 -0800 (PST) From: Matthew Dillon <dillon@apollo.backplane.com> To: Marc Slemko <marcs@znep.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Would this make FreeBSD more secure? Message-ID: <199811170613.WAA24267@apollo.backplane.com> References: <Pine.BSF.4.05.9811162156340.12077-100000@alive.znep.com>
next in thread | previous in thread | raw e-mail | index | archive | help
:>
:> Nonsense. Firstly, you CAN give it up, in fact the parent can
:> force the child to give it away on fork or exec, and secondly
:
:If it is only of use to processes that fork or exec, what is the point of
:it? Doesn't a simple setuid wrapper that opens the port, setuid()s then
:executes the program do just the same thing without any hassle?
:
:If you are trying to claim that an exploit would have to exec a program
:and therefore no one would be able to exploit it, that is silly, since
:if you can execute arbitrary code to run another program you can almost
:always do a whole lot more.
I am certainly not claiming that. You are talking complete nonsense
now... you aren't even addressing the original points. You are
confusing two different security conversations, trying to apply
one to the other, and coming up clubs.
Rather then argue, why don't you simply post a better solution to
the problems we are trying to solve.
-Matt
Matthew Dillon Engineering, HiWay Technologies, Inc. & BEST Internet
Communications & God knows what else.
<dillon@backplane.com> (Please include original email in any response)
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199811170613.WAA24267>