Date: Mon, 11 Aug 1997 11:10:02 -0600 (MDT) From: Marc Slemko <marcs@znep.com> To: Sean Eric Fagan <sef@Kithrup.COM> Cc: ache@nagual.pp.ru, current@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: procfs patch Message-ID: <Pine.BSF.3.95.970811110744.5127H-100000@alive.znep.com> In-Reply-To: <199708111521.IAA07362@kithrup.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 11 Aug 1997, Sean Eric Fagan wrote: > >The program can change uids many times and finaly do allowed combination. > >But "interesting" code or data from previous superuser mode can still left > >in the memory. > > My patch is no different than the situation with core files. If a process > has your UID, you can make it dump core, and then examine its data. This is > an extensio of that. No you can't. BTDT. If a process has done a setuid() (well, more accurately if it has done a setuid() that has changed the uid) it will not dump core. ISTR that on Linux it took an awfully long time to get all the security holes out of procfs. Well, all of the more serious ones that have been found so far.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.970811110744.5127H-100000>