Date: 19 Feb 2002 12:04:11 +0100
From: Dag-Erling Smorgrav <des@ofug.org>
To: Robert Watson <rwatson@FreeBSD.org>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, security-officer@FreeBSD.org
Subject: Re: cvs commit: src/sys/miscfs/procfs procfs_subr.c
Message-ID: <xzpy9hp68d0.fsf@flood.ping.uio.no>
In-Reply-To: <xzpheod7s2a.fsf@flood.ping.uio.no>
References: <Pine.NEB.3.96L.1020218191459.69361L-100000@fledge.watson.org> <xzpheod7s2a.fsf@flood.ping.uio.no>

[resent due to Cc: snafu]

Uh, wait, I'm mixing apples and oranges here. You were talking about
the -STABLE code, while I was talking about the -CURRENT code.

Here's the breakdown:

 - pseudofs in -CURRENT had a bug where setugid processes' files were
   still readable by the owner of the process, but this is mostly
   cosmetic because procfs' back-end code always calls p_candebug()
   for sensitive files (ctl, mem and *regs). With yesterday's commit,
   the EPERM is simply thrown earlier. There was never a security
   problem in this code.

 - procfs in -STABLE had mem set group-writeable, which is a problem
   on systems where several users share a single primary group. I
   changed the permissions on mem in procfs_subr.c; procfs_access()
   will enforce them. This is a serious security issue, and merits an
   advisory.

The -STABLE code still lacks defense in depth. It should be taken out
back and shot. Unfortunately, I don't know enough about how locking
works in -STABLE to backport pseudofs.

DES
--
Dag-Erling Smorgrav - des@ofug.org
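
Added example, not part of the original message and not FreeBSD source: a simplified C model of the two cases in the breakdown above, showing why a group-writable mem node matters when users share a primary group and what a second, back-end check adds. All struct and function names, the uids/gids and the back-end rule are assumptions made for illustration; the real p_candebug() rules are richer.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Simplified model for illustration; every name here is hypothetical,
 * none of it is FreeBSD kernel source. */
struct cred { uid_t uid; gid_t gid; };   /* caller's uid and primary gid */
struct memnode {                         /* models /proc/<pid>/mem */
    uid_t uid; gid_t gid; mode_t mode;   /* owner, group, permission bits */
    bool setugid;                        /* target process is setugid */
};

/* Layer 1: owner/group/other mode-bit check for write access. */
static bool mode_allows_write(const struct cred *c, const struct memnode *n)
{
    if (c->uid == 0) return true;
    if (c->uid == n->uid) return (n->mode & 0200) != 0;
    if (c->gid == n->gid) return (n->mode & 0020) != 0;
    return (n->mode & 0002) != 0;
}

/* Layer 2: assumed stand-in for a back-end debug check: root, or same
 * uid and the target is not setugid. */
static bool backend_allows(const struct cred *c, const struct memnode *n)
{
    return c->uid == 0 || (c->uid == n->uid && !n->setugid);
}

/* layered=false: mode bits are the only gate; layered=true: both gates. */
bool can_write_mem(const struct cred *c, const struct memnode *n, bool layered)
{
    if (!mode_allows_write(c, n)) return false;
    return !layered || backend_allows(c, n);
}

int main(void)
{
    /* Constructed sample data: two users sharing primary group 100. */
    struct cred alice = {1001, 100}, bob = {1002, 100};
    struct memnode loose = {1001, 100, 0660, false};  /* group-writable mem */
    struct memnode tight = {1001, 100, 0600, false};  /* owner-only mem */
    struct memnode suid  = {1001, 100, 0600, true};   /* alice's setugid process */

    printf("bob, 0660, mode bits only: %d\n", can_write_mem(&bob, &loose, false));
    printf("bob, 0600, mode bits only: %d\n", can_write_mem(&bob, &tight, false));
    printf("bob, 0660, layered:        %d\n", can_write_mem(&bob, &loose, true));
    printf("alice, setugid, layered:   %d\n", can_write_mem(&alice, &suid, true));
    return 0;
}
```

With mode bits as the only gate, the 0660 node is writable by any member of the shared group and tightening the mode is the whole fix; with the second gate in place, the same loose mode is refused anyway, which is the defense in depth the message refers to.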