From owner-freebsd-hackers Fri Oct 18 10:23:28 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id KAA09222 for hackers-outgoing; Fri, 18 Oct 1996 10:23:28 -0700 (PDT)
Received: from brasil.moneng.mei.com (brasil.moneng.mei.com [151.186.109.160]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id KAA09173 for ; Fri, 18 Oct 1996 10:21:39 -0700 (PDT)
Received: (from jgreco@localhost) by brasil.moneng.mei.com (8.7.Beta.1/8.7.Beta.1) id LAA03323; Fri, 18 Oct 1996 11:21:17 -0500
From: Joe Greco
Message-Id: <199610181621.LAA03323@brasil.moneng.mei.com>
Subject: Re: cvs commit: src/lib/libc/db/hash hash_buf.c
To: gibbs@freefall.freebsd.org (Justin T. Gibbs)
Date: Fri, 18 Oct 1996 11:21:16 -0500 (CDT)
Cc: jgreco@brasil.moneng.mei.com, karl@mcs.net, jdp@polstra.com, ache@nagual.ru, guido@gvr.win.tue.nl, thorpej@nas.nasa.gov, phk@critter.tfs.com, freebsd-hackers@freebsd.org, tech-userlevel@netbsd.org
In-Reply-To: <199610181616.JAA04642@freefall.freebsd.org> from "Justin T. Gibbs" at Oct 18, 96 09:16:58 am
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> >Would it be possible to extend the db interface to have a "suicide call"
> >that wiped itself clean? Something that would not interfere with normal
> >db functions, but instead act as an extension?
>
> It shouldn't be necessary if you protect the core dump, ptrace, kmem, etc
> paths of attacks. What happens if you core dump in the library or before
> you can call the "cleanup" routine?

You have a smaller window of (potential) risk.

I would assume that the core dump is protected regardless. Then it becomes
a matter of what happens when something you do not anticipate happens, and
an exploit is devised.

(I know, I know, I should think more positively) :-)

... JG