Date: Tue, 1 Oct 1996 11:05:03 PDT
From: Bill Fenner <fenner@parc.xerox.com>
To: Marc Slemko <marcs@znep.com>
Cc: freebsd-security@freebsd.org
Subject: Re: setuid programs in freebsd
Message-ID: <96Oct1.110511pdt.177476@crevenia.parc.xerox.com>
In-Reply-To: Your message of "Sun, 29 Sep 1996 20:55:48 PDT." <Pine.BSF.3.95.960929214259.16956L-100000@alive.ampr.ab.ca>

Marc,
There are certain programs that have been modified to do the minimum
required tasks before releasing their setuid-ness, e.g. ping and traceroute
basically do
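    main()
    {
        s = socket();        /* open the socket while still setuid root */
        setuid(getuid());    /* then give up root before doing anything else */
        /* ... rest of the program runs as the invoking user ... */
    }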
I've been meaning to do the same to mrinfo & mtrace for quite a long time.
Perhaps these could be specially labelled in your document?
> 119 32 -r-sr-xr-x 1 root bin 16384 Jul 16 20:34 ./usr/sbin/traceroute
>
>COMMENTS: There have been some recent security fixes in traceroute, but
>I am uncertain as to if they fix exploitable holes. ***
Yes, the holes are exploitable if you control the DNS of a host that you can
traceroute through.
>COMMENTS: ping is a very useful thing for users, although there are possible
>denial of service attacks possible, especially with the '-l' option. There
>have been some potential security holes fixed after 2.1.5 was released,
>but it appears like none of them are exploitable. Perhaps.
I agree, the setuid(getuid()) in ping was basically a belt-and-suspenders kind
of fix.
Bill
