From owner-cvs-all Tue Apr 23 8: 3: 4 2002 Delivered-To: cvs-all@freebsd.org Received: from mailman.zeta.org.au (mailman.zeta.org.au [203.26.10.16]) by hub.freebsd.org (Postfix) with ESMTP id 69E0C37B419; Tue, 23 Apr 2002 08:02:46 -0700 (PDT) Received: from bde.zeta.org.au (bde.zeta.org.au [203.2.228.102]) by mailman.zeta.org.au (8.9.3/8.8.7) with ESMTP id BAA31976; Wed, 24 Apr 2002 01:00:08 +1000 Date: Wed, 24 Apr 2002 01:01:06 +1000 (EST) From: Bruce Evans X-X-Sender: bde@gamplex.bde.org To: "M. Warner Losh" Cc: mike@FreeBSD.org, , , Subject: Re: cvs commit: src/sys/kern kern_descrip.c kern_exec.c src/sys/sys filedesc.h In-Reply-To: <20020422.142931.00009329.imp@village.org> Message-ID: <20020424005715.A12477-100000@gamplex.bde.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Mon, 22 Apr 2002, M. Warner Losh wrote: > In message: <20020422160742.B8421@espresso.q9media.com> > Mike Barcroft writes: > : I agree that the current solution to this problem is wrong. I think > : the most correct solution would be to fix each set[ug]id program to > : ensure that it has a working set of the basic std{in,out,err} > : descriptors by making a series of fstat() calls and watching for a > : EBADF. > > There are too many of them that don't do this, and more being added to > the tree all the time, esp in ports. There was a port that caused > this issue to boil up to the top of the list. Until such time as we > can guarnatee that all such setuid programs are perfect, we should > adopt a defensive posture. I think at least the bug exploited is mainly in stdio. stdio does plumbing hacks to make stdio "work" with streams that are not opened properly. The exploit shows that the hacks are too imperfect to use in setuid programs. Bruce To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message