Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 23 Apr 2002 09:25:14 -0600 (MDT)
From:      "M. Warner Losh" <imp@village.org>
To:        mike@FreeBSD.org
Cc:        phk@critter.freebsd.dk, wollman@lcs.mit.edu, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/sys/kern kern_descrip.c kern_exec.c src/sys/sys filedesc.h
Message-ID:  <20020423.092514.68569803.imp@village.org>
In-Reply-To: <20020423104722.D72727@espresso.q9media.com>
References:  <20020422160742.B8421@espresso.q9media.com> <78396.1019545495@critter.freebsd.dk> <20020423104722.D72727@espresso.q9media.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

In message: <20020423104722.D72727@espresso.q9media.com>
            Mike Barcroft <mike@FreeBSD.org> writes:
: Poul-Henning Kamp <phk@critter.freebsd.dk> writes:
: > In message <20020422160742.B8421@espresso.q9media.com>, Mike Barcroft writes:
: > 
: > >I agree that the current solution to this problem is wrong.  I think
: > >the most correct solution would be to fix each set[ug]id program to
: > >ensure that it has a working set of the basic std{in,out,err}
: > >descriptors by making a series of fstat() calls and watching for a
: > >EBADF.
: > 
: > Right, and the best fix to the middle east situation is to make all
: > persons living down there like each other.
: > 
: > Some times the best fix is just not viable...
: 
: Doing the base system will be far easier than say changing all
: function declarations from K&R to ANSI C.  The 6 line check could
: easily be added to a common libc function, and one line function call
: added to the main() of every set[ug]id program.  I'm willing to do
: develop a patchset over the weekend.

Does this also go for all the ports in the ports tree?  What about
legacy binaries?

: As far as ports go, every port that relies on the standard file
: descriptors being open and doesn't check for them, is vulnerable to
: this exploit on almost every UNIX-like system including most versions
: of FreeBSD.  Security advisories should be released for those ports
: and fixes coordinated with the vendors.

Right.  That's why we added this to the kernel.

There is about 0 chance of removing it from the kernel at this point.
I know people hate it, but *NONE* of the other solutions are secure.

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020423.092514.68569803.imp>