Date: Sun, 10 Aug 1997 14:43:22 -0400 (EDT)
From: Brian Mitchell <brian@firehouse.net>
To: Eivind Eklund <perhaps@yes.no>
Cc: Alfred Perlstein <perlsta@sunyit.edu>, hackers@FreeBSD.ORG
Subject: Re: Fix for the PROCFS security hole!
Message-ID: <Pine.BSI.3.95.970810143907.19099D-100000@shell.firehouse.net>
In-Reply-To: <199708101539.RAA05202@bitbox.follo.net>
On Sun, 10 Aug 1997, Eivind Eklund wrote:

> > I'm not too sure how to do it, but IF the procfs system could be modified
> > to somehow act like the /dev/tty* system, where the second a user
> > logs on the device is then owned by them and all other users' access is
> > revoked. This could work that a setuid proc when exec'd, procfs would
> > automatically change permissions on it so that it is untainable.
>
> Possibly. It seems somewhat difficult, though, as when you have a
> file-descriptor I believe the access is only checked the moment you
> open the file, not on each access. Thus, you can e.g. drop root
> privileges after having bound to a privileged port.
>
> It might be possible to hack only procfs to actually do that checking,
> though. Seems the most feasible way to solve this.
>
> Eivind.

Well, what I thought was: When you open a procfs 'file', set the ptraced
flag. Every 'file' should check to make sure this flag is still set, if not
return an error. kern_exec already checks for the existence of this flag and
removes it for set[ug]id programs.
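As an added illustration (not code from this thread or from FreeBSD), a small C model of the scheme Brian describes: open sets a traced flag on the target, every later access re-checks that flag rather than trusting the open-time check, and exec of a set[ug]id image clears it so stale descriptors lose access. The structs and the names procfs_open, procfs_read, kern_exec_model and the P_TRACED bit are assumptions made for the model.

```c
/* Added model (not FreeBSD code) of the scheme proposed in the message above:
 * opening a procfs "file" sets a traced flag on the target, every access
 * re-checks it, and exec of a set[ug]id image clears it. */
#include <errno.h>
#include <stdbool.h>
#include <string.h>

#define P_TRACED 0x1          /* hypothetical flag bit for this model */

struct proc {
    int  flags;
    int  uid;                 /* effective uid of the target */
    char mem[16];             /* stands in for /proc/<pid>/mem */
};

struct pfs_desc { struct proc *target; bool open; };   /* an open procfs "file" */

/* open(): one-time credential check, then mark the target as traced */
int procfs_open(struct pfs_desc *fd, struct proc *target, int caller_uid)
{
    if (caller_uid != 0 && caller_uid != target->uid)
        return -EPERM;
    target->flags |= P_TRACED;
    fd->target = target; fd->open = true;
    return 0;
}

/* read(): re-check the flag on every access instead of trusting open() */
int procfs_read(struct pfs_desc *fd, char *buf, size_t len)
{
    if (!fd->open || !(fd->target->flags & P_TRACED))
        return -EPERM;
    if (len > sizeof fd->target->mem)
        len = sizeof fd->target->mem;
    memcpy(buf, fd->target->mem, len);
    return (int)len;
}

/* exec(): a set[ug]id image drops the traced flag, so descriptors opened
 * before the privilege change stop working from the next access on */
void kern_exec_model(struct proc *p, int image_uid, bool setugid_image)
{
    if (setugid_image) {
        p->flags &= ~P_TRACED;
        p->uid = image_uid;
    }
}
```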
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSI.3.95.970810143907.19099D-100000>