Date: Mon, 16 Nov 1998 22:02:43 -0800 (PST)
From: Marc Slemko <marcs@znep.com>
To: Matthew Dillon <dillon@apollo.backplane.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Would this make FreeBSD more secure?
Message-ID: <Pine.BSF.4.05.9811162156340.12077-100000@alive.znep.com>
In-Reply-To: <199811170522.VAA23411@apollo.backplane.com>

On Mon, 16 Nov 1998, Matthew Dillon wrote:

>
> :
> :On Mon, 16 Nov 1998, Matthew Dillon wrote:
> :
> :>
> :> We define several capabilities right off the bat:
> :>
> :> RCAPF_LOWPORT allow binding to low ports
> :
> :No.
> :
> :Again, read the archives. All this has been gone over and over.
> :
> :This makes things LESS secure in general.
> :
> :If programs have this ability, now they can't give it up. So
> :suddenly all those simple programs that used to bind to the port
> :and setuid() can't do that any more.
> :
> :Now if you compromise one program, you can compromise them all.
>
> Nonsense. Firstly, you CAN give it up, in fact the parent can
> force the child to give it away on fork or exec, and secondly

If it is only of use to processes that fork or exec, what is the point
of it? Doesn't a simple setuid wrapper that opens the port, setuid()s
then executes the program do just the same thing without any hassle?

If you are trying to claim that an exploit would have to exec a program
and therefore no one would be able to exploit it, that is silly, since
if you can execute arbitrary code to run another program you can almost
always do a whole lot more.

> I think I did mention that calling setuid() would clear the
> capabilities. Didn't I? Maybe I didn't send out that email,

Hmm. I'm a bit confused. Who are you setuid()ing from and to?

In reality, when you get down to it, the uses of this end up very
limited, and have only a very minor impact on security since if
something can usefully use this capability then they could just bind to
the port as root then setuid() in a few lines of easy code.