From owner-freebsd-security  Sun Apr 19 16:58:18 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id QAA13991
          for freebsd-security-outgoing; Sun, 19 Apr 1998 16:58:18 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from Kitten.mcs.com (Kitten.mcs.com [192.160.127.90])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA13980
          for <freebsd-security@FreeBSD.ORG>; Sun, 19 Apr 1998 23:58:08 GMT
          (envelope-from karl@Mars.mcs.net)
Received: from Mars.mcs.net (karl@Mars.mcs.net [192.160.127.85]) by Kitten.mcs.com (8.8.7/8.8.2) with ESMTP id SAA26379; Sun, 19 Apr 1998 18:57:57 -0500 (CDT)
Received: (from karl@localhost) by Mars.mcs.net (8.8.7/8.8.2) id SAA16012; Sun, 19 Apr 1998 18:57:56 -0500 (CDT)
Message-ID: <19980419185756.38304@mcs.net>
Date: Sun, 19 Apr 1998 18:57:56 -0500
From: Karl Denninger  <karl@mcs.net>
To: Robert Watson <robert+freebsd@cyrus.watson.org>
Cc: Niall Smart <rotel@indigo.ie>, Marc Slemko <marcs@znep.com>,
        freebsd-security@FreeBSD.ORG
Subject: Re: suid/sgid programs
References: <199804192309.AAA00431@indigo.ie> <Pine.BSF.3.96.980419191830.4778A-100000@fledge.watson.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.84
In-Reply-To: <Pine.BSF.3.96.980419191830.4778A-100000@fledge.watson.org>; from Robert Watson on Sun, Apr 19, 1998 at 07:21:59PM -0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

On Sun, Apr 19, 1998 at 07:21:59PM -0400, Robert Watson wrote:
> On Mon, 20 Apr 1998, Niall Smart wrote:
> 
> > lpr can be setuid "lp" so that it can write to the print spool
> > directory, it has access to the file the user wants to print because
> > that is it's real uid.  lpd can be root.wheel 770 and immediately
> > setuid to "lp" after opening the socket.  (Or you could just disable
> > this silly priveledged socket scheme)
> 
> In previous discussions, people have suggested adding a "sockets" group
> for which low port bindings are allowed.  This might be implemented by
> using a sysctl that identifies the gid to the kernel (or something).  Any
> program running with this in its groups would be allowed to bind low port
> number.  This provides an immediate fix for having a bunch of daemons (and
> applications) running as root.
> 
> 
>   Robert N Watson 

Yes, it does.

However, lpd only needs root long enough to bind to the lpd port.  Once
that's done, it can setuid() itself to another UID.

--
-- 
Karl Denninger (karl@MCS.Net)| MCSNet - Serving Chicagoland and Wisconsin
http://www.mcs.net/          | T1's from $600 monthly / All Lines K56Flex/DOV
			     | NEW! Corporate ISDN Prices dropped by up to 50%!
Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS
Fax:   [+1 312 803-4929]     | *SPAMBLOCK* Technology now included at no cost


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message