From owner-freebsd-security Wed Nov 18 01:25:50 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id BAA07516 for freebsd-security-outgoing; Wed, 18 Nov 1998 01:25:50 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from david.siemens.de (david.siemens.de [192.35.17.14]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA07509 for ; Wed, 18 Nov 1998 01:25:48 -0800 (PST) (envelope-from andre.albsmeier@mchp.siemens.de) X-Envelope-Sender-Is: andre.albsmeier@mchp.siemens.de (at relayer david.siemens.de) Received: from mail.siemens.de (salomon.siemens.de [139.23.33.13]) by david.siemens.de (8.9.1a/8.9.1) with ESMTP id KAA11484 for ; Wed, 18 Nov 1998 10:25:19 +0100 (MET) Received: from curry.mchp.siemens.de (daemon@curry.mchp.siemens.de [146.180.31.23]) by mail.siemens.de (8.9.1a/8.9.1) with ESMTP id KAA26124 for ; Wed, 18 Nov 1998 10:25:18 +0100 (MET) Received: (from daemon@localhost) by curry.mchp.siemens.de (8.8.8/8.8.8) id KAA11824 for ; Wed, 18 Nov 1998 10:25:19 +0100 (CET) Message-ID: <19981118102515.A1623@internal> Date: Wed, 18 Nov 1998 10:25:15 +0100 From: Andre Albsmeier To: Peter Jeremy , security@FreeBSD.ORG Subject: Re: Would this make FreeBSD more secure? References: <98Nov18.075152est.40335@border.alcanet.com.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.93.2i In-Reply-To: <98Nov18.075152est.40335@border.alcanet.com.au>; from Peter Jeremy on Wed, Nov 18, 1998 at 07:52:13AM +1100 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 18-Nov-1998 at 07:52:13 +1100, Peter Jeremy wrote: > Andre Albsmeier wrote: > >I just was alarmed by xlockmore that a program runs setuid root all the time > >only to check the password the user enters. > In the case of xlockmore (and similar programs), the logical approach > would seem to be to split the functionality into two processes: the > parent process remains privileged(*), but all it would do is seize the > keyboard/mouse, blank the screen and spawn children to actually display > the pretty patterns. The children don't need to be priviledged, and if > one crashes, the parent can just start another. > > An alternative approach would be to have the entire saver run non- > privileged and call a privileged program to check the password. > Securely writing the password checking program (so it couldn't be > used for password cracking) is non-trivial. Isn't that a bit overkill if we have a simpler solution? > > > And, regardless whether xlockmore > >has known bugs or not, > xlockmore-4.10 definitely does have bugs - several of the standard saver > modes will die with SIGFPE (suddenly unlocking your screen). Never (and I mean never :-)) saw that on my 14 machines. But I have to say that I left out some of the modules (the ones that suck cpu time). > > (*) Currently, this means setuid root, but all it needs is sufficient > privileges to validate a password. > > Peter -Andre To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message