From owner-freebsd-arch Sat Sep 2 15:12:23 2000 Delivered-To: freebsd-arch@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 8928037B423; Sat, 2 Sep 2000 15:12:21 -0700 (PDT) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id PAA83959; Sat, 2 Sep 2000 15:12:21 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Sat, 2 Sep 2000 15:12:21 -0700 (PDT) From: Kris Kennaway To: Peter Wemm Cc: Poul-Henning Kamp , Brian Somers , "Jacques A. Vidrine" , Dan Nelson , sthaug@nethelp.no, ume@FreeBSD.ORG, arch@FreeBSD.ORG Subject: Re: setuid ssh should die (Re: Request for review: nsswitch) In-Reply-To: <200009022207.e82M78G32995@netplex.com.au> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sat, 2 Sep 2000, Peter Wemm wrote: > Perhaps we can add a clearsetugid() syscall that apps can call when they > are prepared to guarantee that things like libc getpwent() don't have a > cached copy of the priviliged master.passwd in memory that a coredump might > otherwise expose or ptrace() could extract. Yes, I'd be against this on these grounds. Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message