Date: Tue, 12 Aug 1997 01:36:41 +1000
From: Bruce Evans <bde@zeta.org.au>
To: ache@nagual.pp.ru, sef@FreeBSD.ORG
Cc: current@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: procfs patch
Message-ID: <199708111536.BAA18095@godzilla.zeta.org.au>
> I think any access to memory must be disallowed immediately after exec of a
> setuid program issued by a user (not setuid root) program. I.e. the exec call
> must set some flag (in struct proc?) disabling procfs access, and the procfs
> call need only check this flag.

Just close the procfs file descriptors on exec?

> We also need some solution which completely disables access to parent memory
> from a forked child, because allowing it is against Unix ideology. But it is
> exactly what rfork() provides.

Unix ideology is that file descriptors are not affected on exec unless this
is asked for. The rfork fd sharing fix is wrong, and closing procfs file
descriptors would be wrong. The exec should fail instead if it would cause a
security hole.

Bruce
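The two positions in the message (descriptors survive exec unless the program asks otherwise; a dangerous exec should fail rather than have its descriptors silently closed) can both be seen from user space. The following C program is an added example, not code from the thread or from FreeBSD: it opens a pipe in place of a procfs memory file, execs /bin/sh in place of the set-uid program, and reports whether the descriptor was still open afterwards, with and without FD_CLOEXEC. The second function, count_leaking_fds(), is a hypothetical user-space stand-in for the kernel-side gate Bruce describes; it counts descriptors that would cross the exec boundary so a caller can refuse to exec instead of closing them.

```c
/* Added example, not from the original thread or from FreeBSD.
 * Shows that a file descriptor survives exec by default and is dropped
 * only when the program asks for it with FD_CLOEXEC.  /bin/sh stands in
 * for the set-uid program in the discussion; the pipe stands in for the
 * procfs memory file. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 if a descriptor opened before exec is still open in the
 * exec'd image, 0 if it was closed, -1 on error.  With set_cloexec != 0
 * the descriptor is marked FD_CLOEXEC before the exec. */
int fd_survives_exec(int set_cloexec)
{
    int p[2];
    if (pipe(p) == -1)
        return -1;
    if (set_cloexec && fcntl(p[0], F_SETFD, FD_CLOEXEC) == -1)
        return -1;

    pid_t pid = fork();
    if (pid == -1)
        return -1;
    if (pid == 0) {
        /* Child: ask the new image to dup the inherited descriptor.
         * "exec <&N" succeeds only if N is still open after exec;
         * otherwise the shell reports EBADF and exits non-zero. */
        char cmd[32];
        snprintf(cmd, sizeof cmd, "exec <&%d", p[0]);
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);
    }
    close(p[0]);
    close(p[1]);

    int status;
    if (waitpid(pid, &status, 0) == -1)
        return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

/* Hypothetical pre-exec gate (an assumption of this example, not a
 * FreeBSD interface): counts descriptors >= 3 that lack FD_CLOEXEC and
 * would therefore be inherited by the exec'd image.  A wrapper that
 * follows the "exec should fail" position refuses to exec when this is
 * non-zero instead of closing the descriptors behind the caller's back. */
int count_leaking_fds(void)
{
    int n = 0;
    long max = sysconf(_SC_OPEN_MAX);
    if (max < 0 || max > 65536)
        max = 65536;            /* bound the scan on hosts with huge tables */
    for (int fd = 3; fd < max; fd++) {
        int flags = fcntl(fd, F_GETFD);
        if (flags != -1 && !(flags & FD_CLOEXEC))
            n++;
    }
    return n;
}

int main(void)
{
    printf("pipe fd still open after exec:            %d\n", fd_survives_exec(0));
    printf("pipe fd with FD_CLOEXEC open after exec:  %d\n", fd_survives_exec(1));
    printf("descriptors that would leak across exec:  %d\n", count_leaking_fds());
    return 0;
}
```

The first call returns 1 and the second 0 on any POSIX system: the kernel does nothing to the descriptor table on exec beyond honouring FD_CLOEXEC, which is exactly why a procfs memory descriptor opened by an unprivileged process is still open inside a set-uid image that process execs. count_leaking_fds() approximates "dangerous" as "any inheritable descriptor"; a real kernel check would instead look only at descriptors referring to the exec'ing process's own memory.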