Date: Tue, 5 Aug 1997 03:53:05 +1000
From: Bruce Evans <bde@zeta.org.au>
To: bde@zeta.org.au, tqbf@enteract.com
Cc: security@FreeBSD.ORG, sef@Kithrup.COM
Subject: Re: Proposed alternate patch for the rfork vulnerability
Message-ID: <199708041753.DAA05901@godzilla.zeta.org.au>

>execve() doesn't "turn off the sharing". Execution of an SUID program in a
>process that shares a file descriptor table causes the SUID bit not to be
>honored; this is a semantic with precedent (NOSUID, ptrace).

I would argue that ptrace is broken (but has to stay that way for historical reasons). It isn't very useful to lose control on exec - if you want that then you can detach before exec.

Losing the shared descriptor table on exec is also useless. If the table is shared then you probably want it to continue to be shared. This only causes security problems in the setuid case.

Bruce