On May 18, 12:46pm, Theo de Raadt wrote: } Subject: Re: pingflood.c > > BTW, how many setuid programs are there that will catch various > > signals and will behave "not-as-expected" when forked off by a > > signal-bomber parent process, such as pingflood? > > Unlike seemingly everone else in this thread, who are very busy trying > to patch ping for a problem which it is obvious many other programs in > the source tree will also encounter, Aggelos has taken the first step > and used started thinking about the further consequences. [snip] > For more information on how I have fixed this problem, due to a > conversation with David Holland a couple months back about this basic > problem, see both www.openbsd.org/security.html#23 and > www.openbsd.org/errata.html#kill I would have also thought it advisable to prevent a non-priviledged user from sending a signal to a set[ug]id process which has installed a handler for that signal. Niall
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:54:11 PDT