Date: Sat, 02 Nov 1996 16:06:25 -0800 From: Bill Trost <trost@cloud.rain.com> To: freebsd-security@FreeBSD.org Subject: Re: rwhod buffer overflow bug Message-ID: <m0vJq54-00004qC@cloud.rain.com> In-Reply-To: Your message of Fri, 01 Nov 1996 10:07:16 %2B0100. <199611010907.KAA26376@spooky.lss.cp.philips.com> References: <199611010907.KAA26376@spooky.lss.cp.philips.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I may have asked this question before, but: Why not make rwhod setuid() itself down once it has its sockets and /dev/kmem open? /var/rwho would have to be writable by that user, but otherwise the running rwho would have few privileges with which to do any real damage to the system.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?m0vJq54-00004qC>