Date: Mon, 11 Aug 1997 08:21:25 -0700 From: Sean Eric Fagan <sef@Kithrup.COM> To: ache@nagual.pp.ru, current@freebsd.org, security@freebsd.org Subject: Re: procfs patch Message-ID: <199708111521.IAA07362@kithrup.com>
next in thread | raw e-mail | index | archive | help
>Comparing uids gains absolutely nothing. Yes, it does: it makes it useful. Tell me: how many applications do *you* have that use procfs? >The program can change uids many times and finaly do allowed combination. >But "interesting" code or data from previous superuser mode can still left >in the memory. My patch is no different than the situation with core files. If a process has your UID, you can make it dump core, and then examine its data. This is an extensio of that. >I think any access to memory must be disallowed immediately after exec of >setuid program issued by user (not setuid root) program. I.e. exec call >must set some flag (in struct proc?) disabling procfs access and procfs >call need to check this flag only. Gosh, that's what I had originally, and everyone didn't like *that*. (Frankly, neither did I.) Sean.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199708111521.IAA07362>