Date: Mon, 4 Jan 1999 21:43:03 +0100 (MET)
From: Christian Wolf
To: hm@hcs.de
cc: freebsd-isdn@FreeBSD.ORG
Subject: Re: regexp program
In-Reply-To: <19990104204911.B5702@hcswork.hcs.de>

Hi!

On Mon, 4 Jan 1999, Hellmuth Michaelis wrote:

> On Mon, Jan 04, 1999 at 08:06:13PM +0100, Wilko Bulte wrote:
> >
> > Security is a concern, true. It would be the (sick) hack of the
> > century if you could stick a regexp/regprog in somebody's isdnd.rc
> > that did (e.g.) 'dd if=/dev/zero of=/dev/rsd0c'

If I could stick a regexp/regprog in somebody's isdnd.rc I can do a
'dd if=/dev/zero of=/dev/rsd0c' as well, can't I?

> > In that respect I'd say it might make sense to not execute the regprog as root.
> > It looks like isdnd/exec.c just execs whatever you feed it. Maybe a setuid(nobody)
> > first?
>
> Something like that - on the other side: who should be permitted to access
> /dev/i4b* and wouldn't it be appropriate at this time to add group "isdn"
> to /etc/groups?
>
> I really didn't think about all this stuff much, what do other people
> think about that?
>
> Thoughts, comments?

Make isdnd check the owner and permission of isdnd.rc. If it is not owned
by root (0) or does not have a mode like 0644, isdnd should refuse it.

Regards,
Chris
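
One way to implement the owner and mode check proposed above, as an added example that is not part of the original message and not isdnd's own code. The names `open_trusted_rc` and `demo` are hypothetical, and "a mode like 0644" is read here as "no group or other write bits"; isdnd would pass 0 as the required owner.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum { RC_OPEN_FAILED = -1, RC_NOT_REGULAR = -2, RC_BAD_OWNER = -3, RC_BAD_MODE = -4 };

/* Returns an open read-only descriptor (>= 0) if the file may be trusted,
 * else a negative RC_* code. fstat() runs on the descriptor already opened,
 * so the file that was checked is the file that gets parsed. */
int open_trusted_rc(const char *path, uid_t owner)
{
    struct stat st;
    int err = 0, fd = open(path, O_RDONLY | O_NOFOLLOW); /* refuse a symlink */

    if (fd < 0) return RC_OPEN_FAILED;
    if (fstat(fd, &st) != 0)                   err = RC_OPEN_FAILED;
    else if (!S_ISREG(st.st_mode))             err = RC_NOT_REGULAR;
    else if (st.st_uid != owner)               err = RC_BAD_OWNER;
    else if (st.st_mode & (S_IWGRP | S_IWOTH)) err = RC_BAD_MODE; /* assumed reading of "like 0644" */
    if (err) close(fd);
    return err ? err : fd;
}

/* Constructed demo: scratch file with `mode`, checked against the current
 * uid (or a deliberately different one) so it runs without root.
 * Returns 0 if the file is accepted, else the RC_* code. */
int demo(mode_t mode, int wrong_owner)
{
    char path[] = "/tmp/isdnd_rc_demo_XXXXXX";
    int fd = mkstemp(path), rc;

    if (fd < 0) return RC_OPEN_FAILED;
    fchmod(fd, mode);
    close(fd);
    rc = open_trusted_rc(path, getuid() + (wrong_owner ? 1 : 0));
    if (rc >= 0) close(rc);
    unlink(path);
    return rc >= 0 ? 0 : rc;
}

int main(void)
{
    printf("0644 -> %d, 0666 -> %d\n", demo(0644, 0), demo(0666, 0));
    return 0;
}
```

The caller parses the configuration from the returned descriptor rather than reopening the path, which keeps the check and the read bound to the same file.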