From owner-freebsd-security Mon Nov 18 13:28:50 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id NAA12925 for security-outgoing; Mon, 18 Nov 1996 13:28:50 -0800 (PST)
Received: from salsa.gv.ssi1.com (salsa.gv.ssi1.com [146.252.44.194]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id NAA12910 for ; Mon, 18 Nov 1996 13:28:40 -0800 (PST)
Received: (from gdonl@localhost) by salsa.gv.ssi1.com (8.7.5/8.7.3) id NAA16195; Mon, 18 Nov 1996 13:27:19 -0800 (PST)
From: Don Lewis
Message-Id: <199611182127.NAA16195@salsa.gv.ssi1.com>
Date: Mon, 18 Nov 1996 13:27:19 -0800
In-Reply-To: Jeff Aitken "Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2)." (Nov 18, 3:42pm)
X-Mailer: Mail User's Shell (7.2.6 alpha(3) 7/19/95)
To: Jeff Aitken , Don.Lewis@tsc.tdk.com (Don Lewis)
Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2).
Cc: freebsd-security@FreeBSD.org
Sender: owner-security@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

On Nov 18, 3:42pm, Jeff Aitken wrote:
} Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2).
} Don Lewis writes:
} > On Nov 18, 2:16pm, Adam Shostack wrote:
} > } Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2).
} > }
} > } If network access went through the file system, then
} > } chown smtp /dev/tcp/smtp would give us a known access control
} > } mechanism, rather than trying to extend the process table.
} >
} > I think mapping network accesses into filesystem space is the way to
} > go, but I don't know how to get the semantics right.
}
} Am I mis-remembering things, or is this exactly the sort of thing the
} portal filesystem is supposed to provide? I don't have my 4.4BSD book
} handy, but I seem to recall reading about this kind of feature.

Sort of, though the classical implementation only allows you to specify
the remote address for the network connection. Also, there's no way to
do a chown(), so any access rights checking has to be performed by the
portal daemon rather than by filesystem permission bits.

--- Truck