Date: Tue, 5 Aug 1997 04:33:39 +1000
From: Bruce Evans <bde@zeta.org.au>
To: sef@Kithrup.COM, tqbf@enteract.com
Cc: bde@zeta.org.au, security@FreeBSD.ORG
Subject: Re: Proposed alternate patch for the rfork vulnerability
Message-ID: <199708041833.EAA08942@godzilla.zeta.org.au>
>> I'm sorry, Bruce, but having the file descriptor sharing break on
>> exec is the ONLY way to have it make sense, let alone be secure.

It makes just as much sense to have completely shared file descriptors
after exec as before exec. The exec'ed process may not expect them,
but it won't even notice if the other process doesn't do much with them -
the other process should at least be able to fstat them.

>The problem is specifically an issue with an interaction between the
>rfork() resource sharing semantics and the SUID bit. The problem is
>equally well solved by ignoring the SUID bit.

No, that may give unexpected behaviour. There was actually a problem
with the non-SUID case - I got a panic in fstat() the first time I
tried it (execing /usr/bin/vi). This is with yesterday's FreeBSD-current
kernel. Not allowing the sharing across exec should fix the panic of
course.

Bruce