From owner-freebsd-hackers Sun Aug 10 10:34:53 1997
Return-Path:
Received: (from root@localhost)
    by hub.freebsd.org (8.8.5/8.8.5) id KAA01791
    for hackers-outgoing; Sun, 10 Aug 1997 10:34:53 -0700 (PDT)
Received: from kithrup.com (kithrup.com [205.179.156.40])
    by hub.freebsd.org (8.8.5/8.8.5) with SMTP id KAA01784
    for ; Sun, 10 Aug 1997 10:34:50 -0700 (PDT)
Received: (from sef@localhost)
    by kithrup.com (8.6.8/8.6.6) id KAA17222; Sun, 10 Aug 1997 10:34:50 -0700
Date: Sun, 10 Aug 1997 10:34:50 -0700
From: Sean Eric Fagan
Message-Id: <199708101734.KAA17222@kithrup.com>
To: hackers@freebsd.org
Subject: Re: Fix for the PROCFS security hole!
In-Reply-To:
Organization: Kithrup Enterprises, Ltd.
Sender: owner-freebsd-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In article you write:
>I'm not too sure how to do it, but IF the procfs system could be modified
>to somehow act like the /dev/tty* system, where the second a user
>logs on the device is then owned by them and all other users' access is
>revoked. This could work that a setuid proc when exec'd, procfs would
>automatically change permissions on it so that it is untainable.

The solution I'm working on right now (which I've had in mind for a while)
was to have procfs return an error when doing any I/O to a process which has
ever changed id's, unless (of course) the calling process is root.
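
A userspace model of the check described in the reply above, set beside a check that compares current ids only. This is an added example, not part of the original message and not FreeBSD code; the struct, the function names, the uid values and the same-uid rule for ordinary processes are assumptions.

```c
#include <errno.h>
#include <stdbool.h>
#include <sys/types.h>

/* Toy model only; every name here is hypothetical. */
struct model_proc {
    uid_t ruid, euid;
    bool  changed_ids;              /* sticky: set once, never cleared */
};

/* Assumed choke point for set-id exec and for any later id change. */
static void model_set_euid(struct model_proc *p, uid_t new_euid)
{
    if (new_euid != p->euid) {
        p->euid = new_euid;
        p->changed_ids = true;      /* history is recorded, not the current value */
    }
}

/* Weak form: decides from the credentials the target holds right now. */
static int naive_procfs_io(const struct model_proc *caller,
                           const struct model_proc *target)
{
    return (caller->euid == 0 || caller->euid == target->euid) ? 0 : EPERM;
}

/* Form described in the reply: error on any I/O to a process that has
 * ever changed ids, unless the caller is root. */
static int sticky_procfs_io(const struct model_proc *caller,
                            const struct model_proc *target)
{
    if (caller->euid == 0)
        return 0;
    if (target->changed_ids)
        return EPERM;
    /* Assumption: ordinary processes remain readable by the same uid. */
    return caller->euid == target->euid ? 0 : EPERM;
}

/* Constructed scenario: uid 1001 starts a set-id root program, which then
 * drops back to uid 1001 while privileged state may remain in memory. */
static struct model_proc demo_target(void)
{
    struct model_proc t = { 1001, 1001, false };
    model_set_euid(&t, 0);          /* set-id exec */
    model_set_euid(&t, 1001);       /* later privilege drop */
    return t;
}
```

The flag, not the current euid, is what makes the second check hold after the target has dropped back to the caller's uid.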