Date: Mon, 4 Aug 1997 12:41:09 -0500 (CDT)
From: "Thomas H. Ptacek" <tqbf@enteract.com>
To: sef@Kithrup.COM (Sean Eric Fagan)
Cc: bde@zeta.org.au, tqbf@enteract.com, security@FreeBSD.ORG
Subject: Re: Proposed alternate patch for the rfork vulnerability
Message-ID: <199708041741.MAA04433@enteract.com>
In-Reply-To: <199708041703.KAA16417@kithrup.com> from "Sean Eric Fagan" at Aug 4, 97 10:03:55 am

> I'm sorry, Bruce, but having the file descriptor sharing break on
> exec is the ONLY way to have it make sense, let alone be secure.

The problem is specifically an issue with an interaction between the
rfork() resource sharing semantics and the SUID bit. The problem is
equally well solved by ignoring the SUID bit.

----------------
Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf@enteract.com]
----------------
"If you're so special, why aren't you dead?"