Date: Tue, 28 Oct 1997 16:52:43 +0000 (GMT)
From: Terry Lambert <tlambert@primenet.com>
To: angio@angio.net (Dave Andersen)
Cc: tlambert@primenet.com, Don.Lewis@tsc.tdk.com, jamil@trojanhorse.ml.org, thorpej@nas.nasa.gov, freebsd-hackers@FreeBSD.ORG
Subject: Re: Possible SERIOUS bug in open()? (Big time bug)
Message-ID: <199710281652.JAA24834@usr06.primenet.com>
In-Reply-To: <199710280700.AAA06875@meowy.angio.net> from "Dave Andersen" at Oct 28, 97 00:00:21 am

> > > I don't think administrators who remove "r" access to keep users
> > > from copying executables would like this, since the users could
> > > just switch to a copying program that uses mmap.
> >
> > A user can just ctrl-\ the thing and get a core and "undump" it now.
> >
> > If it's a net program, they can just download it.
>
> In reverse order:
>
> a) You'd most commonly do this to a program you wrote yourself to
>    protect it from exploitation and/or examination, not for
>    something you got off the net.
>
> b) Setuid programs haven't dumped core since the ftpd problem
>    a while ago.

In forward order:

a) The complaint was access to the image, not who wrote it. A
   core provides access to the image.

b) Who said anything about suid being a requirement for wanting
   to protect the executable image?

   The reason you generally don't want an SUID program to core
   is the data section contains data it can access, but the user
   shouldn't be able to. Like the raw passwd file entries.

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my
present or previous employers.