From owner-freebsd-security Sun Aug 10 11:36:23 1997
Date: Sun, 10 Aug 1997 14:36:13 -0400 (EDT)
From: Brian Mitchell
To: "Jonathan A. Zdziarski"
cc: bugtraq@netspace.org, freebsd-security@FreeBSD.ORG
Subject: Re: procfs hole
Sender: owner-freebsd-security@FreeBSD.ORG

On Sun, 10 Aug 1997, Jonathan A. Zdziarski wrote:

> never mind about my last message - I was finally able to get it to work on
> both 2.2.2 and 2.2.1 systems. ack. is the 'su' command the only
> feasible method of manipulating this problem, or do you think it could be
> done with other setuid programs? I'm running sudo, and can disable su,
> but then again what if sudo can be modified.

Don't be silly, any setuid program can be used. If I chose to overwrite
printf() with code to setuid and execute a shell, it would prob work with
any setuid program. As noted, the easiest way to avoid the problem is just
to disable procfs -- nobody really uses it anyways.
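A check for the mitigation named in the reply (disabling procfs), as an added example that is not part of the original message: it reads fstab(5)-format text and reports procfs entries that mount at boot or are currently mounted. The function names and the sample fstab are constructed for illustration, and the live mount list is assumed to be supplied in the same six-field format (for example from `mount -p` where the system's mount(8) supports it).

```shell
#!/bin/sh
# Added example (not from the original post). Input is fstab(5)-format text:
#   device  mountpoint  fstype  options  dump  pass

# Constructed sample fstab, for illustration only.
sample_fstab() {
    cat <<'EOF'
# Device    Mountpoint    FStype  Options    Dump Pass#
/dev/sd0a   /             ufs     rw         1    1
proc        /proc         procfs  rw         0    0
#proc       /old/proc     procfs  rw         0    0
proc        /compat/proc  procfs  rw,noauto  0    0
EOF
}

# procfs_entries FILE: print "mountpoint options" for every active procfs line.
procfs_entries() {
    awk '
        $1 ~ /^#/      { next }   # commented-out entries are inactive
        NF < 3         { next }   # blank or malformed lines
        $3 == "procfs" { print $2, ($4 == "" ? "-" : $4) }
    ' "$1"
}

# procfs_boot_mounts FILE: only the entries mounted automatically at boot,
# that is, procfs lines whose option list does not contain "noauto".
procfs_boot_mounts() {
    procfs_entries "$1" | awk '
        { n = split($2, opt, ","); auto = 1
          for (i = 1; i <= n; i++) if (opt[i] == "noauto") auto = 0
          if (auto) print $1 }'
}

# procfs_audit FSTAB MOUNTS: print findings; return 1 if procfs is enabled
# in FSTAB or present in MOUNTS (the live mount table), 0 if neither.
procfs_audit() {
    rc=0
    for mp in $(procfs_boot_mounts "$1"); do
        echo "fstab: procfs mounted at boot on $mp"; rc=1
    done
    for mp in $(procfs_entries "$2" | awk '{ print $1 }'); do
        echo "live: procfs currently mounted on $mp"; rc=1
    done
    return $rc
}
```

A non-zero return from `procfs_audit` means the procfs entry still has to be commented out of the fstab or the filesystem unmounted before the mitigation is in effect.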