From owner-freebsd-security@FreeBSD.ORG Tue Oct 2 21:44:05 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 021A01065673 for ; Tue, 2 Oct 2012 21:44:05 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from anubis.delphij.net (anubis.delphij.net [IPv6:2001:470:1:117::25]) by mx1.freebsd.org (Postfix) with ESMTP id D0BF38FC15 for ; Tue, 2 Oct 2012 21:44:04 +0000 (UTC) Received: from epsilon.delphij.net (drawbridge.ixsystems.com [206.40.55.65]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by anubis.delphij.net (Postfix) with ESMTPSA id 96B75C72A; Tue, 2 Oct 2012 14:44:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=delphij.net; s=anubis; t=1349214244; bh=fslg2GiaCbts2ygcpsmMkrR9O0kBM9DKbn0klr4YUKw=; h=Date:From:Reply-To:To:CC:Subject:References:In-Reply-To; b=N+M2GQGqy3WLGNFZQ7wvI/rV+zSWf1s+WIkX3haoIXYTEBRzW1oyZvaH9iQpSDWYp YQn4itvTn4v95c5Qa3zaRgWZ936ng3TPGEayJGPbjks+ldNHbT1Pq5oilsd8U7g6/P Mehg0PL0c42vaDMgDwMoxC+wXXJlEchGZt+7M0fg= Message-ID: <506B6024.8050908@delphij.net> Date: Tue, 02 Oct 2012 14:44:04 -0700 From: Xin Li Organization: The freeBSD Project User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:10.0.7) Gecko/20120830 Thunderbird/10.0.7 MIME-Version: 1.0 To: Eitan Adler References: <9DD86238-51C8-4F38-B7EB-BD773039888B@cederstrand.dk> <20121001104901.GJ35915@deviant.kiev.zoral.com.ua> <20121001110805.GL35915@deviant.kiev.zoral.com.ua> In-Reply-To: X-Enigmail-Version: 1.4.3 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Cc: Konstantin Belousov , "freebsd-security@freebsd.org" , Erik Cederstrand Subject: Re: Opinion on checking return value of setuid(getuid())? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: d@delphij.net List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Oct 2012 21:44:05 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 10/02/12 07:45, Eitan Adler wrote: > On 2 October 2012 08:38, Erik Cederstrand > wrote: >> Den 01/10/2012 kl. 13.55 skrev Eitan Adler >> : >> >>> On 1 October 2012 07:08, Konstantin Belousov >>> wrote: >>>> I do not believe in the dreadful 'flood ping' security >>>> breach. Is a local escalation possible with non-dropped root >>>> ? >>> >>> It is clearly a local escalation: a non-root user can do >>> something which was intended only for root. It is a different >>> question how serious the breach is. >> >> Are there any objections to the path I attached in my first post? >> To the approach in general? If not, I'll send a PR so it doesn't >> get lost. > Not by me. Please cc me on the PR as I'll commit if no one else > objects. It doesn't seem hurt in general but if you are going to commit it please also change the other instances in the base system. I personally don't think this is useful either -- the case does not apply to FreeBSD and it seems that the Linux implementation is actually a POSIX violation as setuid() is not permitted to return ENOMEM. Cheers, - -- Xin LI https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBCAAGBQJQa2AkAAoJEG80Jeu8UPuzgYEIAJ3C6ktqB/Pbc7oMiKv0+WJQ NJ5RHWqXp98mDDWrkVhwiCoYjACgvnrRmHujk4Rc/uo5+fVNAGGsagvuBn04ZXOk ANDG+dpsYN1uuQQtabheoO/EoZRVd+0q84mM9gNC6qcHPzXgqJLc+pRQpfG2tTxk wqYqG4d4FTSGveOiGqJV8jvvAyLIxhEXvaoLNEPYyKKC7tKVEOZDH355Zi0C0KIh otZrlKna7WECSd3vCZArnd/qTO+s9WorgUGXPJdN57a1r4QIZM1/Hrja5R2wMtvU dLeo+MVnDjmP6Lpp22dQFg/sj3LQnnVTTC/uZSYanfqf6f6xFjm8hp+EkhJJdjA= =12ki -----END PGP SIGNATURE-----