From: Don Lewis
Date: Mon, 18 Nov 1996 11:35:16 -0800
To: Adam Shostack, Don.Lewis@tsc.tdk.com (Don Lewis)
Cc: phk@critter.tfs.com, freebsd-security@FreeBSD.org
Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2).
Message-Id: <199611181935.LAA16011@salsa.gv.ssi1.com>
In-Reply-To: Adam Shostack "Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2)." (Nov 18, 2:16pm)

On Nov 18, 2:16pm, Adam Shostack wrote:
} Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2).
}
} If network access went through the file system, then
} chown smtp /dev/tcp/smtp would give us a known access control
} mechanism, rather than trying to extend the process table.

Yeah, something like that, but the usual semantics folks talk about are
open("/dev/tcp/remote-address/remote-port", ...). It is really desirable
to set permissions on both the local address/port and the remote address/port
(user foo is only allowed to connect to port 1234 on serverA using a port in
the range 2000-2050). Handling port ranges gets a bit messy, too.

Then there's the nastiness of what to do about chrooted processes. You really
want to be able to map a subset of the network space into their filesystem
space.

I think mapping network accesses into filesystem space is the way to go, but
I don't know how to get the semantics right.

--- Truck
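A toy model of the policy semantics the message sketches, added here as an illustration and not code from the thread or from FreeBSD: a connect attempt is rendered as a /dev/tcp/remote-address/remote-port path, checked against per-user rules that also bound the local port range, and a chrooted process only sees one sub-tree of that namespace. The user "foo", the host 10.0.0.5 (standing in for "serverA") and the rule table are constructed sample values.

```python
"""Toy evaluator for path-based network ACLs (constructed example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    user: str
    remote_net: str      # remote address or CIDR block, e.g. "10.0.0.5/32"
    remote_port: int     # remote port the rule permits
    local_ports: range   # permitted local source ports (Python half-open range)


def tcp_path(remote_addr: str, remote_port: int) -> str:
    """Render a connect target in the hypothetical /dev/tcp namespace."""
    return f"/dev/tcp/{remote_addr}/{remote_port}"


def allowed(rules, user, local_port, remote_addr, remote_port, chroot_prefix=None):
    """True if `user` may connect from `local_port` to remote_addr:remote_port.

    `chroot_prefix`, when given, is the only /dev/tcp sub-tree mapped into the
    process's filesystem view; anything outside it is simply not reachable.
    Rules are deny-by-default: no matching rule means no access.
    """
    path = tcp_path(remote_addr, remote_port)
    if chroot_prefix is not None and not path.startswith(chroot_prefix.rstrip("/") + "/"):
        return False
    for r in rules:
        if r.user != user:
            continue
        if ip_address(remote_addr) not in ip_network(r.remote_net):
            continue
        if r.remote_port != remote_port or local_port not in r.local_ports:
            continue
        return True
    return False


# Constructed rule table: user foo may reach port 1234 on 10.0.0.5 from local
# ports 2000-2050 inclusive, mirroring the example in the message.
RULES = [Rule("foo", "10.0.0.5/32", 1234, range(2000, 2051))]
```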