From owner-freebsd-hackers  Sun Aug 10 08:45:48 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id IAA26580
          for hackers-outgoing; Sun, 10 Aug 1997 08:45:48 -0700 (PDT)
Received: from server.local.sunyit.edu (A-T34.rh.sunyit.edu [150.156.210.241])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id IAA26568
          for <hackers@FreeBSD.ORG>; Sun, 10 Aug 1997 08:45:44 -0700 (PDT)
Received: from localhost (perlsta@localhost)
	by server.local.sunyit.edu (8.8.5/8.8.5) with SMTP id KAA07534;
	Sun, 10 Aug 1997 10:51:27 GMT
X-Authentication-Warning: server.local.sunyit.edu: perlsta owned process doing -bs
Date: Sun, 10 Aug 1997 10:51:27 +0000 (GMT)
From: Alfred Perlstein <perlsta@sunyit.edu>
X-Sender: perlsta@server.local.sunyit.edu
To: Eivind Eklund <perhaps@yes.no>
cc: hackers@FreeBSD.ORG
Subject: Re: Fix for the PROCFS security hole!
In-Reply-To: <199708101539.RAA05202@bitbox.follo.net>
Message-ID: <Pine.BSF.3.96.970810104804.7529A-100000@server.local.sunyit.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Well that seems to be the answer then, however i think that a program
running as root should be able to modify it's child processes.  I'd love
to write it but i'm not sure if i know enough about it...

._________________________________________ __ _
|Alfred Perlstein - Programming & SysAdmin
|perlsta@sunyit.edu
|http://www.cs.sunyit.edu/~perlsta
: ---"Have you seen my FreeBSD tatoo?"
'

On Sun, 10 Aug 1997, Eivind Eklund wrote:

> > 
> > 
> > I'm not to sure how to do it, but IF the procfs system could be modified
> > to somehow act like the /dev/tty* system, where the second a user
> > logs on the device is then owned by them and all other users access is
> > revoked.  This could work that a setuid proc when exec'd, procfs would
> > automatically change permissions on it so that it is untainable.
> 
> Possibly.  It seems somewhat difficult, though, as when you have a
> file-descriptor I believe the access is only checked the moment you
> open the file, not on each access.  Thus, you can e.g. drop root
> privileges after having bound to a privileged port.
> 
> It might be possible to hack only procfs to actually do that checking,
> though.  Seems the most feasible way to solve this.
> 
> Eivind.
>