From owner-freebsd-hackers  Sun Aug 10 08:14:09 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id IAA25057
          for hackers-outgoing; Sun, 10 Aug 1997 08:14:09 -0700 (PDT)
Received: from server.local.sunyit.edu (A-T34.rh.sunyit.edu [150.156.210.241])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id IAA25052
          for <hackers@FreeBSD.org>; Sun, 10 Aug 1997 08:14:06 -0700 (PDT)
Received: from localhost (perlsta@localhost)
	by server.local.sunyit.edu (8.8.5/8.8.5) with SMTP id KAA07472
	for <hackers@FreeBSD.org>; Sun, 10 Aug 1997 10:19:52 GMT
X-Authentication-Warning: server.local.sunyit.edu: perlsta owned process doing -bs
Date: Sun, 10 Aug 1997 10:19:52 +0000 (GMT)
From: Alfred Perlstein <perlsta@sunyit.edu>
X-Sender: perlsta@server.local.sunyit.edu
To: hackers@FreeBSD.org
Subject: Fix for the PROCFS security hole!
Message-ID: <Pine.BSF.3.96.970810101530.7449B-100000@server.local.sunyit.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk


I'm not to sure how to do it, but IF the procfs system could be modified
to somehow act like the /dev/tty* system, where the second a user
logs on the device is then owned by them and all other users access is
revoked.  This could work that a setuid proc when exec'd, procfs would
automatically change permissions on it so that it is untainable.

would this work? would it break a lot of stuff? i don't see why you would
need to modify effectivly other peoples' programs except to cause some
sort of security breach.

._________________________________________ __ _
|Alfred Perlstein - Programming & SysAdmin
|perlsta@sunyit.edu
|http://www.cs.sunyit.edu/~perlsta
: ---"Have you seen my FreeBSD tatoo?"
'