From owner-freebsd-security Sun Aug 10 11:38:50 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id LAA05602 for security-outgoing; Sun, 10 Aug 1997 11:38:50 -0700 (PDT) Received: from shell.firehouse.net (brian@shell.firehouse.net [209.42.203.45]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id LAA05597 for ; Sun, 10 Aug 1997 11:38:48 -0700 (PDT) Received: from localhost (brian@localhost) by shell.firehouse.net (8.8.5/8.8.5) with SMTP id OAA19130; Sun, 10 Aug 1997 14:38:41 -0400 (EDT) Date: Sun, 10 Aug 1997 14:38:41 -0400 (EDT) From: Brian Mitchell To: "Jonathan A. Zdziarski" cc: bugtraq@netspace.org, freebsd-security@FreeBSD.ORG Subject: Re: procfs hole In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Sun, 10 Aug 1997, Jonathan A. Zdziarski wrote: This would be a horrible solution. Someone is just going to chose another function to overwrite and do a setuid(0) and execve() of some shell. > Would disabling bash and sh (and any other shells that allowed this) be a > good temporary solution? I've noticed you have to have it set as your > default shell, so removing it from /etc/shells could prevent this. It's > either that or disbale procfs (and I'm still not sure what the effects of > that would be) > > > ------------------------------------------------------------------------- > Jonathan A. Zdziarski NetRail Incorporated > Server Engineering Manager 230 Peachtree St. Suite 500 > jonz@netrail.net Atlanta, GA 30303 > http://www.netrail.net (888) - NETRAIL > ------------------------------------------------------------------------- > >