Bugtraq mailing list archives

Re: FD's 0..2 and suid/sgid procs (Was: Crash a redhat 5.1 linux


From: peak () kerberos troja mff cuni cz (Pavel Kankovsky)
Date: Thu, 30 Jul 1998 19:50:02 +0200


On Wed, 29 Jul 1998, Joe Zbiciak wrote:

> Alan Cox actually is the first person who highlighted this sort of
> vulnerability to me.  Does anyone know if the OpenBSD approach is
> sufficient for avoiding these sorts of attacks (eg. feeding an
> suid/sgid program bogus stdin/stdout/stderr)?  Also, is a similar patch

Hmm. In theory, yes. But the OpenBSD implementation seems to have a
potential small hole. It should abort when it cannot fix everything,
but it does not. PERHAPS a temporary resource starvation could break
it.

> in the works for Linux?  (I ask, because I'm a Linux user myself.)

I made such a patch for 2.0.~34. (Applying to 2.1 can't be hard.)
Get http://www.tux.org/hypermail/linux-kernel/1998week28/0391.html.

(Warning: there exists an older version which has a serious--and
rather stupid--bug. Don't use it. Kudos to Mitch Blank for discovering
it.)

You need to have Solar Designer's secure-linux patch installed or do some
manual tweaking to use it.

> And, is there any overwhelming reason why you wouldn't make the same
> guarantee that fd's 0..2 are open for all processes, rather than just
> suid/sgid processes?

It would confuse some programs and probably violate standards.

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"You can't be truly paranoid unless you're sure they have already got you."
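Added example (editor's illustration, not code from the post, from the OpenBSD change or from the Linux patch linked above): the same fd 0..2 check done in userland at the top of a suid/sgid program's main(), so that the next open() cannot silently land on stdin/stdout/stderr and error text end up in a file the attacker chose. It follows the point raised in the reply: if any of the three descriptors cannot be repaired (for instance because open() fails under descriptor exhaustion), the program aborts instead of continuing with partial results. The function names, the use of /dev/null as the placeholder and the demo routine that closes fd 1 are this example's own assumptions.

```c
/* Added example: userland sanity check for fds 0..2 in a suid/sgid program.
 * Not from the original post; names and the /dev/null choice are assumptions. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Returns 1 if fd refers to an open file, 0 if it is closed (EBADF).
 * Any other fcntl() error is treated as "open" so we never clobber it. */
static int fd_is_open(int fd)
{
    return fcntl(fd, F_GETFD) != -1 || errno != EBADF;
}

/* Ensure fds 0, 1 and 2 are all open, pointing any closed ones at /dev/null.
 * Returns the number of descriptors that had to be reopened, or -1 if one of
 * them could not be fixed. A -1 must be fatal for a privileged program: if
 * we carried on, a later open() of a sensitive file would return 1 or 2 and
 * our diagnostics would be written into it. */
static int sanitize_std_fds(void)
{
    int fixed = 0;
    for (int fd = 0; fd <= 2; fd++) {
        if (fd_is_open(fd))
            continue;
        int nfd = open("/dev/null", fd == 0 ? O_RDONLY : O_WRONLY);
        if (nfd == -1)
            return -1;              /* e.g. descriptor table exhausted */
        /* open() returns the lowest free descriptor, and every descriptor
         * below fd was already verified open, so nfd == fd here. Treat
         * anything else as a failure rather than guessing. */
        if (nfd != fd) {
            close(nfd);
            return -1;
        }
        fixed++;
    }
    return fixed;
}

/* Demonstration: simulate being exec'ed with fd 1 closed, run the check,
 * then restore the real stdout. Returns 1 if exactly fd 1 was reopened
 * and is open afterwards, -1 otherwise. */
static int demo_with_fd1_closed(void)
{
    int saved = dup(1);             /* keep the real stdout somewhere safe */
    if (saved == -1)
        return -1;
    close(1);
    int fixed = sanitize_std_fds();
    int reopened = fd_is_open(1);
    dup2(saved, 1);                 /* put the real stdout back on fd 1 */
    close(saved);
    return (fixed == 1 && reopened) ? 1 : -1;
}

int main(void)
{
    /* First thing a suid/sgid program should do, before any other open(). */
    if (sanitize_std_fds() < 0) {
        /* Write nothing: stderr itself may be the broken descriptor. */
        _exit(1);
    }
    /* ... privileged work starts here, with fds 0..2 guaranteed open ... */
    printf("fd 1 closed and repaired: %s\n",
           demo_with_fd1_closed() == 1 ? "yes" : "no");
    return 0;
}
```

The abort path is the part that matters: a kernel-side fix in exec can refuse to run the program when the placeholder open fails, and a userland check must do the equivalent with _exit(), since any attempt to report the problem through fd 2 would itself be written to whatever the attacker arranged to be there.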
