From owner-freebsd-security  Mon Aug  4 00:02:04 1997
Return-Path: <owner-freebsd-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id AAA18508
          for security-outgoing; Mon, 4 Aug 1997 00:02:04 -0700 (PDT)
Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id AAA18500
          for <security@freebsd.org>; Mon, 4 Aug 1997 00:02:00 -0700 (PDT)
Received: (from bde@localhost) by godzilla.zeta.org.au (8.8.5/8.6.9) id QAA08668; Mon, 4 Aug 1997 16:51:41 +1000
Date: Mon, 4 Aug 1997 16:51:41 +1000
From: Bruce Evans <bde@zeta.org.au>
Message-Id: <199708040651.QAA08668@godzilla.zeta.org.au>
To: security@freebsd.org, sef@Kithrup.COM
Subject: Re: Proposed alternate patch for the rfork vulnerability
Sender: owner-freebsd-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>I haven't looked at the rfork code extensively... I should.  However,
>something similar to the following should be done for every shared resource
>that might be inhereted across a fork. (However, what are those?  Looking at

I think exec should just fail if it can't honour setuid'ness.  For ptrace
it is OK to turn off the trace bit and succeed, since tracing is unlikely
to be essential to the operation of the new process image, but ignoring the
setuid bit or changing the resources may affect operation.

Bruce