From owner-freebsd-security Fri Oct 19 6:26:55 2001 Delivered-To: freebsd-security@freebsd.org Received: from P7.mpionline.com (dsl-mw-209-115-240-i249-edm.nucleus.com [209.115.240.249]) by hub.freebsd.org (Postfix) with ESMTP id 6E82537B401 for ; Fri, 19 Oct 2001 06:26:53 -0700 (PDT) Received: from P5 (P5.mpionline.com [209.115.240.246]) by P7.mpionline.com (8.11.3/8.11.3) with SMTP id f9JDSeP12052 for ; Fri, 19 Oct 2001 07:28:40 -0600 (MDT) (envelope-from tomek@mpionline.com) Message-ID: <001101c158a1$d12ab320$f6f073d1@mpionline.com> From: "Tomek" To: Subject: Whats to stop one user from being root? Date: Fri, 19 Oct 2001 07:27:36 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.3018.1300 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.3018.1300 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hey there, I have 2 questions really, maybe they are obvious, maybe not. 1. What is to stop a user program from calling half way in the middle of "chmod" for example and bypassing any security checking code? I know this would be highly depending on kernal version, but is there protection against this? 2. In reference to the telnet buffer overflow security problem, how is it that something as simple as fetching data for login name and data for password was not protected? If anyone has any links to detailed information about WHY the buffer overrun works (in great detail), please let me know. Its currently beyond me why the incoming data wasn't limited in size before any processing at all. Thanks, Tomek To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message