From owner-freebsd-hackers Tue Oct 28 08:53:14 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id IAA03547 for hackers-outgoing; Tue, 28 Oct 1997 08:53:14 -0800 (PST) (envelope-from owner-freebsd-hackers) Received: from smtp03.primenet.com (smtp03.primenet.com [206.165.5.84]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id IAA03538 for ; Tue, 28 Oct 1997 08:53:10 -0800 (PST) (envelope-from tlambert@usr06.primenet.com) Received: (from daemon@localhost) by smtp03.primenet.com (8.8.7/8.8.7) id JAA29852; Tue, 28 Oct 1997 09:53:01 -0700 (MST) Received: from usr06.primenet.com(206.165.6.206) via SMTP by smtp03.primenet.com, id smtpd029829; Tue Oct 28 09:52:56 1997 Received: (from tlambert@localhost) by usr06.primenet.com (8.8.5/8.8.5) id JAA24834; Tue, 28 Oct 1997 09:52:43 -0700 (MST) From: Terry Lambert Message-Id: <199710281652.JAA24834@usr06.primenet.com> Subject: Re: Possible SERIOUS bug in open()? (Big time bug) To: angio@angio.net (Dave Andersen) Date: Tue, 28 Oct 1997 16:52:43 +0000 (GMT) Cc: tlambert@primenet.com, Don.Lewis@tsc.tdk.com, jamil@trojanhorse.ml.org, thorpej@nas.nasa.gov, freebsd-hackers@FreeBSD.ORG In-Reply-To: <199710280700.AAA06875@meowy.angio.net> from "Dave Andersen" at Oct 28, 97 00:00:21 am X-Mailer: ELM [version 2.4 PL23] Content-Type: text Sender: owner-freebsd-hackers@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > > > I don't think administrators who remove "r" access to keep users > > > from copying executables would like this, since the users could > > > just switch to a copying program that uses mmap. > > > > A user can just ctrl-\ the thing and get a core and "undump" it now. > > > > If it's a net program, they can just download it. > > In reverse order: > > a) You'd most commonly do this to a program you wrote yourself to > protect it from exploitation and/or examination, not for > something you got off the net. > > b) Setuid programs haven't dumped core since the ftpd problem > a while ago. In forward order: a) The complaint was access to the image, not who wrote it. A core provides access to the image. b) Who said anything about suid being a requirement for wanting to protect the executable image? The reason you generally don't want an SUID program to core is the data section contains data it can access, but the user shouldn't be able to. Like the raw passwd file entries. Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers.