On Wed, 29 Jul 1998, Joe Zbiciak wrote:

> Alan Cox actually is the first person who highlighted this sort of
> vulnerability to me. Does anyone know if the OpenBSD approach is
> sufficient for avoiding these sorts of attacks (eg. feeding an
> suid/sgid program bogus stdin/stdout/stderr)? Also, is a similar patch

Hmm. In theory, yes. But OpenBSD implementation seems to have a potential
small hole. It should abort when it cannot fix everything but it does
not. PERHAPS, a temporary resource starvation could break it.

> in the works for Linux? (I ask, because I'm a Linux user myself.)

I made such a patch for 2.0.~34. (Applying to 2.1 can't be hard.)
Get http://www.tux.org/hypermail/linux-kernel/1998week28/0391.html.
(Warning: there exists an older version which has a serious--and rather
stupid--bug. Don't use it. Kudos to Mitch Blank for discovering it.)
You need to have Solar Designer's secure-linux patch installed or do some
manual tweaking to use it.

> And, is there any overwhelming reason why you wouldn't make the same
> guarantee that fd's 0..2 are open for all processes, rather than just
> suid/sgid processes?

It would confuse some programs and probably violate standards.

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"You can't be truly paranoid unless you're sure they have already got you."
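
A userland version of the check discussed in this message, added here as an example; it is not code from the original post, from OpenBSD, or from the Linux patch it links to. It fills any closed descriptor in 0..2 with /dev/null and reports failure so that the caller aborts when it cannot fix everything. The names `fd_is_open`, `ensure_std_fds` and `set_soft_nofile` are hypothetical, and `set_soft_nofile` exists only to simulate temporary resource starvation.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/resource.h>
#include <unistd.h>

/* 1 if fd is an open descriptor, 0 if it is closed (EBADF). */
int fd_is_open(int fd)
{
    return fcntl(fd, F_GETFD) != -1 || errno != EBADF;
}

/* Point every closed descriptor in 0..2 at /dev/null. Returns 0 only if
 * all three are open on return; -1 means the caller must not continue. */
int ensure_std_fds(void)
{
    for (int fd = 0; fd <= 2; fd++) {
        if (fd_is_open(fd))
            continue;
        int nfd = open("/dev/null", O_RDWR);
        if (nfd == -1)
            return -1;          /* e.g. EMFILE/ENFILE under starvation */
        if (nfd != fd) {        /* did not land in the slot being filled */
            int r = dup2(nfd, fd);
            close(nfd);
            if (r == -1)
                return -1;
        }
    }
    return 0;
}

/* Demo helper (constructed): set the soft RLIMIT_NOFILE, saving the old one. */
int set_soft_nofile(rlim_t n, rlim_t *old)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) == -1)
        return -1;
    if (old) *old = rl.rlim_cur;
    rl.rlim_cur = n;
    return setrlimit(RLIMIT_NOFILE, &rl);
}

int main(void)
{
    if (ensure_std_fds() != 0)  /* run before any other open() */
        _exit(127);             /* no message: fd 2 may be the missing one */
    return 0;
}
```

With the soft descriptor limit lowered to 0, `open()` fails and `ensure_std_fds()` returns -1, which is the case where continuing would leave the program running with a closed standard descriptor.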