From owner-freebsd-arch  Sat Sep  2 15:12:23 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id 8928037B423; Sat,  2 Sep 2000 15:12:21 -0700 (PDT)
Received: from localhost (kris@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id PAA83959;
	Sat, 2 Sep 2000 15:12:21 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Sat, 2 Sep 2000 15:12:21 -0700 (PDT)
From: Kris Kennaway <kris@FreeBSD.org>
To: Peter Wemm <peter@netplex.com.au>
Cc: Poul-Henning Kamp <phk@critter.freebsd.dk>,
	Brian Somers <brian@Awfulhak.org>,
	"Jacques A. Vidrine" <n@nectar.com>,
	Dan Nelson <dnelson@emsphone.com>, sthaug@nethelp.no,
	ume@FreeBSD.ORG, arch@FreeBSD.ORG
Subject: Re: setuid ssh should die (Re: Request for review: nsswitch) 
In-Reply-To: <200009022207.e82M78G32995@netplex.com.au>
Message-ID: <Pine.BSF.4.21.0009021511510.83163-100000@freefall.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, 2 Sep 2000, Peter Wemm wrote:

> Perhaps we can add a clearsetugid() syscall that apps can call when they
> are prepared to guarantee that things like libc getpwent() don't have a
> cached copy of the priviliged master.passwd in memory that a coredump might
> otherwise expose or ptrace() could extract.

Yes, I'd be against this on these grounds.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message