Date: Sun, 10 Aug 1997 17:39:40 +0200 (CEST) From: Eivind Eklund <perhaps@yes.no> To: Alfred Perlstein <perlsta@sunyit.edu> Cc: hackers@FreeBSD.ORG Subject: Re: Fix for the PROCFS security hole! Message-ID: <199708101539.RAA05202@bitbox.follo.net> In-Reply-To: Alfred Perlstein's message of Sun, 10 Aug 1997 10:19:52 %2B0000 (GMT) References: <Pine.BSF.3.96.970810101530.7449B-100000@server.local.sunyit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
> > > I'm not to sure how to do it, but IF the procfs system could be modified > to somehow act like the /dev/tty* system, where the second a user > logs on the device is then owned by them and all other users access is > revoked. This could work that a setuid proc when exec'd, procfs would > automatically change permissions on it so that it is untainable. Possibly. It seems somewhat difficult, though, as when you have a file-descriptor I believe the access is only checked the moment you open the file, not on each access. Thus, you can e.g. drop root privileges after having bound to a privileged port. It might be possible to hack only procfs to actually do that checking, though. Seems the most feasible way to solve this. Eivind.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199708101539.RAA05202>