From owner-freebsd-security Mon Nov 18 15:39:48 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id PAA22732 for security-outgoing; Mon, 18 Nov 1996 15:39:48 -0800 (PST) Received: from homeport.org (lighthouse.homeport.org [205.136.65.198]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id PAA22703 for ; Mon, 18 Nov 1996 15:39:29 -0800 (PST) Received: (adam@localhost) by homeport.org (8.6.9/8.6.9) id SAA15752; Mon, 18 Nov 1996 18:35:13 -0500 From: Adam Shostack Message-Id: <199611182335.SAA15752@homeport.org> Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). In-Reply-To: <9611182042.AA26448@husky.cslab.vt.edu> from Jeff Aitken at "Nov 18, 96 03:42:13 pm" To: jaitken@cslab.vt.edu (Jeff Aitken) Date: Mon, 18 Nov 1996 18:35:12 -0500 (EST) Cc: Don.Lewis@tsc.tdk.com, freebsd-security@FreeBSD.org X-Mailer: ELM [version 2.4ME+ PL27 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk Jeff Aitken wrote: | Don Lewis writes: | > On Nov 18, 2:16pm, Adam Shostack wrote: | > } Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). | > } | > } If network access went through the file system, then | > } chown smtp /dev/tcp/smtp would give us a known access control | > } mechanism, rather than trying to extend the process table. | > | > I think mapping network accesses into filesystem space is the way to | > go, but I don't know how to get the semantics right. | | Am I mis-remembering things, or is this exactly the sort of thing the | portal filesystem is supposed to provide? I don't have my 4.4BSD book | handy, but I seem to recall reading about this kind of feature. It does indeed mention this, and suggests a semantic of /net/tcp/McKusick.com/smtp. It refers to a paper by Stevens & Pendry (Portals in 4.4BSD, Jan 95 Usenix proceedings). Page 237 of 4.4bsd. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume