From owner-freebsd-security Sun Apr 19 16:22:17 1998
Date: Sun, 19 Apr 1998 19:21:59 -0400 (EDT)
From: Robert Watson
Reply-To: Robert Watson
To: Niall Smart
cc: Marc Slemko, freebsd-security@FreeBSD.ORG
Subject: Re: suid/sgid programs
In-Reply-To: <199804192309.AAA00431@indigo.ie>

On Mon, 20 Apr 1998, Niall Smart wrote:

> lpr can be setuid "lp" so that it can write to the print spool
> directory, it has access to the file the user wants to print because
> that is its real uid.  lpd can be root.wheel 770 and immediately
> setuid to "lp" after opening the socket.  (Or you could just disable
> this silly privileged socket scheme)

In previous discussions, people have suggested adding a "sockets" group
for which low port bindings are allowed.  This might be implemented by
using a sysctl that identifies the gid to the kernel (or something).  Any
program running with this in its groups would be allowed to bind low port
numbers.  This provides an immediate fix for having a bunch of daemons (and
applications) running as root.

  Robert N Watson

----
Carnegie Mellon University            http://www.cmu.edu/
Trusted Information Systems           http://www.tis.com/
SafePort Network Services             http://www.safeport.com/
robert@fledge.watson.org              http://www.watson.org/~robert/
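
The "sockets" group idea from the message above, modelled as a userland C check. This is an added example, not code from the original message or from FreeBSD. The sysctl value sockets_gid, the may_bind function, the credential struct and the uids/gids in main are all hypothetical.

```c
/* Added example: userland model of the proposed "sockets" group check.
 * sockets_gid, may_bind and struct cred_model are hypothetical names. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define RESERVED_PORT_LIMIT  1024   /* ports below this are "low" */
#define SOCKETS_GID_DISABLED (-1L)  /* assumed sysctl default: feature off */

struct cred_model {
    long euid;           /* effective uid */
    const long *groups;  /* effective gid plus supplementary groups */
    size_t ngroups;
};

static bool in_group(const struct cred_model *c, long gid)
{
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return true;
    return false;
}

/* Returns true if the credential may bind `port`.
 * sockets_gid models the gid an administrator would hand to the kernel. */
bool may_bind(const struct cred_model *c, unsigned port, long sockets_gid)
{
    if (port == 0 || port >= RESERVED_PORT_LIMIT)
        return true;                  /* ephemeral or unprivileged port */
    if (c->euid == 0)
        return true;                  /* existing rule: root may bind low ports */
    if (sockets_gid == SOCKETS_GID_DISABLED)
        return false;                 /* proposal switched off: root only */
    return in_group(c, sockets_gid);  /* proposed rule: group membership */
}

int main(void)
{
    const long lpd_groups[]  = { 7, 800 };  /* constructed: "lp" gid 7, sockets gid 800 */
    const long user_groups[] = { 1001 };    /* constructed: ordinary user */
    struct cred_model lpd  = { 7, lpd_groups, 2 };
    struct cred_model user = { 1001, user_groups, 1 };

    printf("lpd  -> 515: %d\n", may_bind(&lpd, 515, 800));  /* 515 = printer port */
    printf("user -> 515: %d\n", may_bind(&user, 515, 800));
    printf("lpd  -> 515, sysctl unset: %d\n", may_bind(&lpd, 515, SOCKETS_GID_DISABLED));
    return 0;
}
```

In this model a daemon running as "lp" never needs root to reach port 515, so the window in which it holds full privileges disappears; the group itself becomes the credential to protect.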