From owner-freebsd-security Sat Nov 2 21:41:15 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id VAA25392 for security-outgoing; Sat, 2 Nov 1996 21:41:15 -0800 (PST)
Received: from scanner.worldgate.com (scanner.worldgate.com [198.161.84.3]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id VAA25387 for ; Sat, 2 Nov 1996 21:41:12 -0800 (PST)
Received: from znep.com (uucp@localhost) by scanner.worldgate.com (8.7.5/8.7.3) with UUCP id WAA27493; Sat, 2 Nov 1996 22:41:01 -0700 (MST)
Received: from localhost (marcs@localhost) by alive.ampr.ab.ca (8.7.5/8.7.3) with SMTP id WAA00649; Sat, 2 Nov 1996 22:40:28 -0700 (MST)
Date: Sat, 2 Nov 1996 22:40:27 -0700 (MST)
From: Marc Slemko
X-Sender: marcs@alive.ampr.ab.ca
To: Bill Trost
cc: freebsd-security@FreeBSD.org
Subject: Re: rwhod buffer overflow bug
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

It runs as daemon in -current:

----------------------------
revision 1.4
date: 1996/08/26 17:01:58; author: pst; state: Exp; lines: +1 -1
Run as daemon.daemon, not nobody.daemon
----------------------------
revision 1.3
date: 1996/08/25 21:37:11; author: pst; state: Exp; lines: +49 -9
Fix buffer overrun, and run as nobody
----------------------------

I haven't looked to be sure it actually gives away all privileges that
it can, but it is running as non-root.

Now, that change hasn't made it back to -stable.

On Sat, 2 Nov 1996, Bill Trost wrote:

> I may have asked this question before, but: Why not make rwhod
> setuid() itself down once it has its sockets and /dev/kmem open?
> /var/rwho would have to be writable by that user, but otherwise
> the running rwho would have few privileges with which to do any
> real damage to the system.
>
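
Added example, not part of the original message and not rwhod's source: the pattern discussed in this thread, in which a daemon acquires its root-only resources first, then drops to an unprivileged user and checks that root cannot be regained. The function names drop_privileges and privs_dropped and the uid/gid command-line arguments are hypothetical; a Linux or BSD libc is assumed.

```c
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: 0 if only uid/gid are held and root cannot be regained, else -1. */
int privs_dropped(uid_t uid, gid_t gid)
{
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    /* A leftover saved set-user-ID of 0 would let either call succeed. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0)) return -1;
    return 0;
}

/* Hypothetical helper: permanent drop. Order matters: groups, then gid, then uid. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgroups(1, &gid) != 0) return -1; /* shed root's supplementary groups */
    if (setgid(gid) != 0) return -1;        /* must precede setuid() */
    if (setuid(uid) != 0) return -1;        /* as root: sets real, effective and saved */
    return privs_dropped(uid, gid);         /* verify instead of assuming */
}

int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s uid gid\n", argv[0]); return 2; }
    uid_t uid = (uid_t)strtoul(argv[1], NULL, 10);
    gid_t gid = (gid_t)strtoul(argv[2], NULL, 10);

    /* Privileged step first: bind the low UDP port (513 is the "who" service). */
    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(513);
    int s = socket(AF_INET, SOCK_DGRAM, 0);
    if (s < 0 || bind(s, (struct sockaddr *)&sin, sizeof sin) != 0) { perror("bind"); return 1; }

    /* Any other root-only descriptor (the thread mentions /dev/kmem) is opened before this. */
    if (drop_privileges(uid, gid) != 0) { fprintf(stderr, "privilege drop failed\n"); return 1; }

    printf("serving on fd %d as uid=%d gid=%d\n", s, (int)getuid(), (int)getgid());
    return 0;
}
```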