Date: Mon, 11 Dec 2000 09:42:26 -0500 (EST) From: Robert Watson <rwatson@FreeBSD.org> To: Chris Richards <richards+bsd@CS.Princeton.EDU> Cc: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/etc crontab Message-ID: <Pine.NEB.3.96L.1001211093630.41424C-100000@fledge.watson.org> In-Reply-To: <20001211013551.A30301@ethel.williams.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 11 Dec 2000, Chris Richards wrote: > > This is correct. However, this does not apply to the periodic binary, > > directories, or most base system files, unfortunately. Maybe we need a > > /var/run/locks with appropriate turnstile files with appropriate modes > > set. > > I don't understand what you mean to say here. What's to prevent the > creation of a /var/run/periodic.lock, for example, with mode 600? > Then periodic, running as root, will be able to aquire the advisory > lock on this file, and ordinary users won't. The possibility of a DoS > is thus eliminated. > > Am I missing something obvious? In the quoted material above, you > seem to be suggesting that it is insecure to use most base system > files as lock files. True -- but what would be the point in doing so? The point of my statement was to discourage people from using these base files, and encourage them to use files with appropriate protection modes instead. There's nothing wrong with using /var/run/periodic.lock; it would be equivilent to putting it in a seperate locks directory. The reason for my talking about what I talked about in the quoted section was that it seemed there was a specific proposal to do so. One thing we've been considering from a security perspective is breaking out the contents of /var/run into sub-directories by specific task. The reason for doing this is that, in the presence of the TrustedBSD extensions, many programs that currently run with root privileges will no longer do so, meaning they won't be able to write to /var/run to create their pid files (etc). This isn't a problem for periodic which generally runs with high levels of privilege (although perhaps it shouldn't for most of its work). Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1001211093630.41424C-100000>