From: Cy Schubert - ITSD Open Systems Group
To: "Matthew B. Henniges"
Cc: freebsd-security@FreeBSD.ORG, dillon@apollo.backplane.com
Subject: Re: FreeBSDDEATH.c.txt (mmap dirty page no check bug)
Date: Fri, 09 Jun 2000 06:48:36 -0700
Message-Id: <200006091349.e59DnCf13738@cwsys.cwsent.com>

In message , "Matthew B. Henniges" writes:
> And what of suid programs? Do they use the users tmp(and possible fall to
> symlink/race/whatever..)
>
> or do they use a different one(roots?)
>
> do suid programs all use roots /tmp, no matter who runs them?

Very good point.
SUID programs do inherit the parent's environment. The wider and a couple of others have discussed here will require significant architecture changes to FreeBSD. I think for now,

1. Matt Dillon's suggestion of symlinking /var/tmp to /tmp on its own
   filesystem is the most secure option we have right now without
   gutting the whole system. This should be committed to FreeBSD.
   (My apologies Matt for stomping all over you. That was totally
   uncalled for.)

2. The hlfs/amd option I advocate will suffer from what you discuss.
   Turning off SUID is not an option.

3. A special "temporary" filesystem that would isolate users' temporary
   filesystem address spaces from each other would be the ultimate
   solution, however I don't have enough FreeBSD kernel experience to
   tackle this -- if this was an MVS kernel, that would be another
   matter...

Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/DEC Team     Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC
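
Added example, not part of the original message or of FreeBSD's code: how a set-uid program can avoid the inherited-environment and /tmp symlink problems raised in this exchange, by ignoring the invoker's TMPDIR when privileged and creating the file exclusively. The helper names pick_tmpdir and open_tmpfile and the "demo." file prefix are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: choose the temp directory. TMPDIR is inherited from
 * the invoking user, so a privileged program ignores it. */
const char *pick_tmpdir(int privileged) {
    const char *env = getenv("TMPDIR");
    if (privileged || env == NULL || env[0] != '/')
        return "/tmp";
    return env;
}

/* Hypothetical helper: create a temp file under dir; path receives its name.
 * mkstemp() opens with O_CREAT|O_EXCL, so a name planted in advance
 * (including a symlink) is refused rather than followed. */
int open_tmpfile(const char *dir, char *path, size_t pathlen) {
    struct stat st;
    int fd, n = snprintf(path, pathlen, "%s/demo.XXXXXX", dir);
    if (n < 0 || (size_t)n >= pathlen) { errno = ENAMETOOLONG; return -1; }
    if ((fd = mkstemp(path)) < 0)
        return -1;
    /* Check the object actually opened: regular file, one link, ours. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_nlink != 1 || st.st_uid != geteuid()) {
        close(fd);
        unlink(path);
        errno = EPERM;
        return -1;
    }
    return fd;
}

int main(void) {
    char path[256];
    int priv = getuid() != geteuid() || getgid() != getegid(); /* set-uid/set-gid? */
    int fd = open_tmpfile(pick_tmpdir(priv), path, sizeof path);
    if (fd < 0) { perror("open_tmpfile"); return 1; }
    printf("created %s\n", path);
    close(fd);
    return unlink(path) != 0;
}
```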