Date: Sat, 2 Nov 1996 22:40:27 -0700 (MST)
From: Marc Slemko <marcs@znep.com>
To: Bill Trost <trost@cloud.rain.com>
Cc: freebsd-security@FreeBSD.org
Subject: Re: rwhod buffer overflow bug
Message-ID: <Pine.BSF.3.95.961102223426.267A-100000@alive.ampr.ab.ca>
In-Reply-To: <m0vJq54-00004qC@cloud.rain.com>

It runs as daemon in -current:

----------------------------
revision 1.4
date: 1996/08/26 17:01:58;  author: pst;  state: Exp;  lines: +1 -1
Run as daemon.daemon, not nobody.daemon
----------------------------
revision 1.3
date: 1996/08/25 21:37:11;  author: pst;  state: Exp;  lines: +49 -9
Fix buffer overrun, and run as nobody
----------------------------

I haven't looked to be sure it actually gives away all privileges that it
can, but it is running as non-root.

Now, that change hasn't made it back to -stable.

On Sat, 2 Nov 1996, Bill Trost wrote:

> I may have asked this question before, but: Why not make rwhod
> setuid() itself down once it has its sockets and /dev/kmem open?
> /var/rwho would have to be writable by that user, but otherwise
> the running rwho would have few privileges with which to do any
> real damage to the system.
>
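
The privilege drop discussed in this message, together with a check that all privileges really were given away, as an added example that is not rwhod's code and not part of either poster's mail. The function names and the uid/gid 65534 are assumptions for illustration.

```c
/* Added example: permanent privilege drop for a daemon started as root. */
#include <sys/types.h>
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

/* Returns 1 only if the process runs as the non-root uid/gid given and
 * cannot get root back through a saved set-user-ID or set-group-ID. */
int privileges_dropped(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return 0;                       /* root is never "dropped" */
    if (getuid() != uid || geteuid() != uid)
        return 0;
    if (getgid() != gid || getegid() != gid)
        return 0;
    if (seteuid(0) == 0 || setegid(0) == 0)
        return 0;                       /* a saved id of 0 was still usable */
    return 1;
}

/* Call once the privileged resources (sockets, /dev/kmem) are open.
 * Order matters: supplementary groups, then gid, then uid. After the
 * uid is gone the process may no longer change its groups.
 * Returns 0 on success, -1 on any failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgroups(1, &gid) != 0)        /* discard root's group list */
        return -1;
    if (setgid(gid) != 0)               /* as root: real, effective, saved */
        return -1;
    if (setuid(uid) != 0)               /* as root: real, effective, saved */
        return -1;
    return privileges_dropped(uid, gid) ? 0 : -1;
}

int main(void)
{
    /* 65534 is a constructed sample id; a daemon would use getpwnam(). */
    if (drop_privileges(65534, 65534) != 0) {
        fprintf(stderr, "could not drop privileges\n");
        return 1;                       /* exit rather than stay root */
    }
    printf("running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

Started without root, the drop fails at setgroups() and the program exits instead of continuing with whatever identity it had.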