Date: Tue, 16 Sep 1997 23:15:07 -0600 (MDT)
From: tqbf@silence.secnet.com
To: Don Lewis <Don.Lewis@tsc.tdk.com>
Cc: tqbf@enteract.com, freebsd-security@FreeBSD.ORG
Subject: Re: OpenBSD Security Advisory: BSD I/O Signals
Message-ID: <Pine.BSI.3.96.970916231027.1574A-100000@silence.secnet.com>
In-Reply-To: <199709170457.VAA26232@salsa.gv.tsc.tdk.com>
On Tue, 16 Sep 1997, Don Lewis wrote:

> Not in the case of sockets. If you do F_SETOWN on a socket, the kernel
> blindly accepts whatever process or group ID that you supply with no
> further checking.

You're saying that, after the OpenBSD patch, arbitrary processes can
continue to SIGIO/SIGURG arbitrary other processes?

> } Can you explain how this is a security-relevant proposal?
>
> It totally eliminates the wraparound problem.

As does credential checking at signal delivery.

> random things from happening. Now this is a stretch, but what if an
> attacker subverted a root owned process to do a F_SETOWN, change uid to

The hole would be in the program that allowed an attacker to gain root
access to fcntl, and there's not much you can do in the kernel to prevent
the general case of this from remaining true.

> to have a wrapped process ID, even though they have the same credentials
> as the process that did the F_SETOWN. Reliability is part of security ...

If the process has the exact same credentials, how is this a security
issue? I think we're reaching a bit here.

----------------------------------------------------------------------
Thomas H. Ptacek                                Secure Networks, Inc.
----------------------------------------------------------------------
"mmm... sacrilicious..."
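The mechanism the thread argues about, shown from the legitimate side as an added example (not code from either poster or from any BSD): a process names itself as the F_SETOWN owner of a socket, confirms with F_GETOWN that the kernel recorded exactly that, enables O_ASYNC, and counts the SIGIO the kernel delivers when the peer writes. It assumes a Linux-style kernel where sockets support O_ASYNC and where the caller's uid/euid are recorded at F_SETOWN and rechecked at delivery, which is the delivery-time credential check Ptacek refers to; SIGIO is kept blocked and collected with sigtimedwait so nothing depends on handler timing.

```c
#define _DEFAULT_SOURCE 1
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>
static void on_sigio(int sig) { (void)sig; }    /* only reached if SIGIO is unblocked */

/* Registers the caller as owner of one end of a socketpair, writes one byte
 * to the peer and returns how many SIGIOs the kernel delivered (-1 on error). */
int count_sigio_after_write(void)
{
    int sv[2], fl, n = -1;
    sigset_t set, old;
    struct sigaction sa;
    struct timespec timeout = { 0, 200000000 };  /* 200 ms per wait */

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sigio;
    sigaction(SIGIO, &sa, NULL);
    /* Hold SIGIO pending while we set up, then collect it with sigtimedwait. */
    sigemptyset(&set);
    sigaddset(&set, SIGIO);
    sigprocmask(SIG_BLOCK, &set, &old);

    /* Name ourselves as the owner, then verify the kernel recorded exactly that. */
    if (fcntl(sv[0], F_SETOWN, getpid()) < 0) goto out;
    if (fcntl(sv[0], F_GETOWN) != getpid()) goto out;
    fl = fcntl(sv[0], F_GETFL);
    if (fl < 0 || fcntl(sv[0], F_SETFL, fl | O_ASYNC) < 0) goto out;

    if (write(sv[1], "x", 1) != 1) goto out;     /* sv[0] becomes readable -> SIGIO */
    n = 0;
    while (sigtimedwait(&set, NULL, &timeout) == SIGIO) n++;
out:
    close(sv[0]);                                /* owner registration dies with the fd */
    close(sv[1]);
    sigprocmask(SIG_SETMASK, &old, NULL);
    return n;
}

int main(void)
{
    int n = count_sigio_after_write();
    printf("SIGIO signals after one write: %d\n", n);
    return n == 1 ? 0 : 1;
}
```

SIGIO is a classic (non-queued) signal, so a single write yields exactly one delivery; the F_GETOWN check is the cheap userland guard against an owner id that is not the process you intended.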