Date: Tue, 23 Apr 2002 10:47:22 -0400
From: Mike Barcroft
To: Poul-Henning Kamp
Cc: Garrett Wollman, "M. Warner Losh", cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/kern kern_descrip.c kern_exec.c src/sys/sys filedesc.h
Message-ID: <20020423104722.D72727@espresso.q9media.com>

Poul-Henning Kamp writes:
> In message <20020422160742.B8421@espresso.q9media.com>, Mike Barcroft writes:
>
> >I agree that the current solution to this problem is wrong.  I think
> >the most correct solution would be to fix each set[ug]id program to
> >ensure that it has a working set of the basic std{in,out,err}
> >descriptors by making a series of fstat() calls and watching for an
> >EBADF.
>
> Right, and the best fix to the middle east situation is to make all
> persons living down there like each other.
>
> Sometimes the best fix is just not viable...

Doing the base system will be far easier than, say, changing all function
declarations from K&R to ANSI C.  The 6 line check could easily be added
to a common libc function, and a one line function call added to the
main() of every set[ug]id program.  I'm willing to develop a patchset
over the weekend.

As far as ports go, every port that relies on the standard file
descriptors being open and doesn't check for them is vulnerable to this
exploit on almost every UNIX-like system, including most versions of
FreeBSD.  Security advisories should be released for those ports and
fixes coordinated with the vendors.

Best regards,
Mike Barcroft
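
The check described in the message above, as an added example that is not part of the original e-mail or of FreeBSD's code: each standard descriptor is probed with fstat(), and EBADF is treated as "closed". The helper name `ensure_std_fds` and the choice to repair a closed descriptor by opening /dev/null (rather than exiting) are assumptions; the message does not say what to do once EBADF is seen.

```c
#include <sys/stat.h>

#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/*
 * Hypothetical helper (not a libc function): make sure descriptors 0, 1
 * and 2 are open so that a later open() cannot be handed one of them.
 * Returns the number of descriptors repaired, or -1 on failure.
 */
int
ensure_std_fds(void)
{
	struct stat sb;
	int fd, nfd, repaired = 0;

	for (fd = STDIN_FILENO; fd <= STDERR_FILENO; fd++) {
		if (fstat(fd, &sb) == 0)
			continue;		/* descriptor is open */
		if (errno != EBADF)
			return (-1);		/* fstat failed for another reason */
		/* Assumption: back the closed descriptor with /dev/null. */
		nfd = open("/dev/null", O_RDWR);
		if (nfd == -1)
			return (-1);
		if (nfd != fd) {		/* did not land on the closed slot */
			if (dup2(nfd, fd) == -1) {
				(void)close(nfd);
				return (-1);
			}
			(void)close(nfd);
		}
		repaired++;
	}
	return (repaired);
}

int
main(void)
{
	/* First statement of a set[ug]id program, before any other open(). */
	if (ensure_std_fds() == -1)
		_exit(1);	/* stderr may be unusable, so print nothing */
	/* ... the program's normal work would follow here ... */
	return (0);
}
```
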