Date: Thu, 20 Feb 1997 11:05:04 -0700
From: Warner Losh <imp@village.org>
To: Andrew Kosyakov <caseq@magrathea.chance.ru>
Cc: marcs@znep.com, security@freebsd.org
Subject: Re: Coredumps and setuids .. interesting..
Message-ID: <E0vxcrh-0007cg-00@rover.village.org>
In-Reply-To: Your message of "Thu, 20 Feb 1997 14:31:06 +0300." <199702201131.OAA14947@magrathea.chance.ru>
References: <199702201131.OAA14947@magrathea.chance.ru>

In message <199702201131.OAA14947@magrathea.chance.ru> Andrew Kosyakov writes:
: So, you mean that someone may want to add an ability for an
: unprivileged process to attach to the address space of a privileged
: process? Well, certainly, there will be such people, but I guess
: they'll have to break freefall again in order to implement that :-)
: (sorry if you consider this joke to be rude).

If you look at the ptrace code in 2.1.7 you'll notice that the checks
for attaching to a process don't take into account that the process
may have once been owned by root. This would allow a person who
started, say, ftp to attach to the ftpd process once he'd logged in as
himself and grab passwords. The attach functionality in 2.1.7 was
broken in other ways, so it wasn't actually enabled, so the 2.1.7
systems aren't vulnerable to this attack (and -current does the right
thing).

While it makes sense to fix these sorts of problems as they are
discovered, it also makes sense to destroy sensitive data when you are
done with it so that if an unknown system problem exists that causes
this information to be disclosed to a third party, the window for
doing so is shortened and closed completely for as many of the cases
as possible. That's what I'm saying.

: And I'd like to ask again: is there an official patch for 2.1.* to disable
: P_SUGID process to dump core? Many people can't afford to upgrade the whole
: OS on their production machines :-(

David already sent this out, but you really should be tracking
-stable, or at least upgrade to 2.1.7. Many security related fixes
have come down the pipe, some quietly, and you really want to have all
of them in a production machine that has users that aren't 100%
trusted or that is accessible to the internet.

Warner
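
The two defences raised in this message, wiping sensitive data as soon as it is no longer needed and keeping a process from dumping core, sketched in C as an added example (not part of the original e-mail and not FreeBSD's own code). `secure_wipe`, `disable_core_dumps` and `authenticate` are hypothetical names, the sample password is constructed, and `setrlimit` is a per-process measure rather than the kernel P_SUGID patch asked about.

```c
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>

/* Zero a buffer through a volatile pointer so the compiler cannot discard
 * the stores as dead writes, which it may do with a plain memset(). */
static void secure_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
}

/* Set the soft and hard core-size limits to 0 so a crash cannot write the
 * process image, secrets included, to disk. Returns 0 on success. */
static int disable_core_dumps(void)
{
    struct rlimit rl = { 0, 0 };
    return setrlimit(RLIMIT_CORE, &rl);
}

/* Hold the credential only while it is needed and wipe it on every path.
 * Returns 1 accepted, 0 rejected, -1 input too long; *residue receives the
 * number of nonzero bytes left in the buffer after the wipe. */
static int authenticate(const char *input, size_t *residue)
{
    char pw[64];
    size_t i, n = strlen(input);
    int ok = -1;

    if (n < sizeof pw) {
        memcpy(pw, input, n + 1);
        /* Stand-in for a real credential check (constructed value). */
        ok = strcmp(pw, "constructed-sample") == 0;
    }
    secure_wipe(pw, sizeof pw);
    for (*residue = 0, i = 0; i < sizeof pw; i++)
        *residue += (pw[i] != 0);
    return ok;
}

int main(void)
{
    size_t left;
    int rc = disable_core_dumps(), ok = authenticate("constructed-sample", &left);
    printf("core=%d auth=%d residue=%zu\n", rc, ok, left);
    return 0;
}
```

Wiping shortens the window in which a debugger attach or a core file can expose the secret; it does not replace fixing the attach check itself.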