Date: Fri, 18 Oct 1996 11:21:16 -0500 (CDT) From: Joe Greco <jgreco@brasil.moneng.mei.com> To: gibbs@freefall.freebsd.org (Justin T. Gibbs) Cc: jgreco@brasil.moneng.mei.com, karl@mcs.net, jdp@polstra.com, ache@nagual.ru, guido@gvr.win.tue.nl, thorpej@nas.nasa.gov, phk@critter.tfs.com, freebsd-hackers@freebsd.org, tech-userlevel@netbsd.org Subject: Re: cvs commit: src/lib/libc/db/hash hash_buf.c Message-ID: <199610181621.LAA03323@brasil.moneng.mei.com> In-Reply-To: <199610181616.JAA04642@freefall.freebsd.org> from "Justin T. Gibbs" at Oct 18, 96 09:16:58 am
next in thread | previous in thread | raw e-mail | index | archive | help
> >Would it be possible to extend the db interface to have a "suicide call" > >that wiped itself clean? Something that would not interfere with normal > >db functions, but instead act as an extension? > > It shouldn't be necessary if you protect the core dump, ptrace, kmem, etc > paths of attacks. What happens if you core dump in the library or before > you can call the "cleanup" routine? You have a smaller window of (potential) risk. I would assume that the core dump is protected regardless. Then it becomes a matter of what happens when something you do not anticipate happens, and an exploit is devised. (I know, I know, I should think more positively) :-) ... JG
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199610181621.LAA03323>