Date: Mon, 4 Aug 1997 14:36:54 -0600 (MDT) From: Marc Slemko <marcs@znep.com> To: security@FreeBSD.ORG Subject: Re: Proposed alternate patch for the rfork vulnerability Message-ID: <Pine.BSF.3.95.970804143554.27439R-100000@alive.znep.com> In-Reply-To: <19970804195706.9133.qmail@ishiboo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 4 Aug 1997 nirva@ishiboo.com wrote: > Sean Eric Fagan stands accused of saying: > > I'm sorry, Bruce, but having the file descriptor sharing break on > > exec is the ONLY way to have it make sense, let alone be secure. > > > > Breaking file descriptor sharing is breaking the established sematics > of rfork(). I'm not sure I like breaking sharing on execs either. An alternative I haven't seen mentioned is simply haveing exec() fail if it tries to exec a setuid program when descriptors are being shared. If someone isn't checking the return from exec, that is their problem.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.970804143554.27439R-100000>