From owner-freebsd-bugs Thu Sep 21 17:50:05 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 3D02737B446 for <freebsd-bugs@freebsd.org>; Thu, 21 Sep 2000 17:50:01 -0700 (PDT)
Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id RAA16571; Thu, 21 Sep 2000 17:50:01 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Received: by hub.freebsd.org (Postfix, from userid 32767) id 1689137B43E; Thu, 21 Sep 2000 17:48:42 -0700 (PDT)
Message-Id: <20000922004842.1689137B43E@hub.freebsd.org>
Date: Thu, 21 Sep 2000 17:48:42 -0700 (PDT)
From: kris@freebsd.org
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: kern/21463: Linux compatability mode should not allow setuid programs
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number:         21463
>Category:       kern
>Synopsis:       Linux compatability mode should not allow setuid programs
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Sep 21 17:50:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Kris Kennaway
>Release:
>Organization:
>Environment:
>Description:

Linux compat mode should disallow the execution of setugid applications by default, to protect us against Linux userland vulnerabilities as well as subtle interactions between the kernel privilege model in Linux and FreeBSD which may introduce security problems of its own (e.g. allowing a Linux binary to do things which a FreeBSD native binary compiled from the same code cannot do).

We don't have any setugid binaries installed from the linux_base and linux_devtools ports, so this won't affect the default system.

I suggest a sysctl, defaulting to off, which controls whether or not emulated binaries can run with privileges.
This is also an issue with other binary compatibility systems like SVR4 and should be fixed there too.

>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
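As an added illustration, not code from this PR or from FreeBSD's kernel, the following user-space C model shows the policy the report proposes: a knob that defaults to off, an image classifier that separates native from emulated binaries, and an exec-time decision that honours the setuid/setgid bits only for native images unless the knob is set. The knob name `compat_allow_setugid`, the function names, and the use of the ELF `EI_OSABI` byte as the classifier are assumptions made for the example; the real kernel identifies emulated binaries through its image activators and ELF branding tables, which are more involved than a single header byte. Unknown or malformed images fail closed (no privilege), which is the conservative choice the report argues for.

```c
/* Added example (hypothetical, user-space model): gate privilege elevation
 * for emulated binaries behind a knob that defaults to off. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>   /* S_ISUID, S_ISGID */

/* ELF identification bytes, values from the ELF specification. */
#define EI_OSABI         7
#define ELFOSABI_SYSV    0
#define ELFOSABI_LINUX   3
#define ELFOSABI_FREEBSD 9

/* Hypothetical stand-in for the proposed sysctl:
 * 0 = emulated binaries never gain privilege from setugid bits (default). */
static int compat_allow_setugid = 0;

/* Flip the knob the way a sysctl write would; returns the previous value. */
int set_compat_allow_setugid(int v) {
    int old = compat_allow_setugid;
    compat_allow_setugid = v;
    return old;
}

enum binary_kind { BIN_INVALID, BIN_NATIVE, BIN_EMULATED, BIN_UNKNOWN };

/* Classify an image by its ELF identification. This is a simplification of
 * kernel branding: here only EI_OSABI is consulted. */
enum binary_kind classify_image(const uint8_t *hdr, size_t len) {
    if (len < 16 || memcmp(hdr, "\x7f" "ELF", 4) != 0)
        return BIN_INVALID;
    switch (hdr[EI_OSABI]) {
    case ELFOSABI_FREEBSD: return BIN_NATIVE;
    case ELFOSABI_LINUX:   return BIN_EMULATED;  /* would run under Linux compat */
    default:               return BIN_UNKNOWN;   /* unbranded or other ABI */
    }
}

/* Exec-time policy: returns 1 if the setugid bits may change credentials,
 * 0 if the image must run with the invoking user's credentials only. */
int exec_may_elevate(const uint8_t *hdr, size_t len, mode_t mode) {
    if ((mode & (S_ISUID | S_ISGID)) == 0)
        return 0;                       /* no privilege requested at all */
    switch (classify_image(hdr, len)) {
    case BIN_NATIVE:   return 1;        /* normal FreeBSD setuid semantics */
    case BIN_EMULATED: return compat_allow_setugid != 0;
    default:           return 0;        /* fail closed on unknown/invalid images */
    }
}

/* Build a constructed 16-byte ELF identification block with the given OSABI
 * and run the policy on it; convenient for demonstrations and tests. */
int policy_for(uint8_t osabi, mode_t mode) {
    uint8_t hdr[16] = { 0x7f, 'E', 'L', 'F', 2 /* ELFCLASS64 */, 1, 1, 0 };
    hdr[EI_OSABI] = osabi;
    return exec_may_elevate(hdr, sizeof hdr, mode);
}

int main(void) {
    printf("native  setuid, knob off: %d\n", policy_for(ELFOSABI_FREEBSD, 04755));
    printf("linux   setuid, knob off: %d\n", policy_for(ELFOSABI_LINUX, 04755));
    printf("linux   plain,  knob off: %d\n", policy_for(ELFOSABI_LINUX, 0755));
    set_compat_allow_setugid(1);
    printf("linux   setuid, knob on : %d\n", policy_for(ELFOSABI_LINUX, 04755));
    return 0;
}
```

The decision is a pure function of the image header, the file mode and the knob, so it can sit wherever the emulator's exec path already has those values; the only state is the knob itself.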