Bugtraq mailing list archives
Re: Wiping out setuid programs
From: shadows () WHITEFANG COM (Thamer Al-Herbish)
Date: Wed, 6 Jan 1999 23:53:01 -0800
On Wed, 6 Jan 1999, D. J. Bernstein wrote:
In every case the file access could be moved to a non-setuid daemon that accepts UNIX-domain connections from unprivileged user programs. This would wipe out a huge number of local security holes.
I really think this is overrated. All a client-server model would do is eliminate process attribute inheritance. It would prevent environment variables from being inherited, file descriptors etc. Sure, these do cause security holes, but let's not forget the plethora of other holes caused by buffer overruns, race conditions et al. which occur regardless of attribute inheritance.
http://pobox.com/~djb/docs/secureipc.html
Add SCM_CREDS on FreeBSD and BSD/OS to the list. Here's your problem, you already have: Linux: SO_PEERCRED FreeBSD: SCM_CREDS BSD/OS: SCM_CREDS (different from FreeBSD) NetBSD: LOCAL_CREDS Solaris: Doors Too many, making life very unportable. Is there a mention of any of these in any standard? Another way, that Thomas Ptacek had mentioned this a while back on comp.security.unix, includes passing a file descriptor that is only readable by its owner (SCM_RIGHTS). An fstat() will give you the owner of the file, and thus you'd know the peer's effective user ID. Here's another question, apart from Bernstein's paper, has anyone written formal papers on this technique? I'm looking to reference some papers for some writing. -- Thamer Al-Herbish PGP public key: shadows () whitefang com http://www.whitefang.com/pgpkey.txt [ Maintainer of the Raw IP Networking FAQ http://www.whitefang.com/rin/ ]
Current thread:
- Tripwire mess.. CyberPsychotic (Jan 04)
- Re: [SECURITY] New versions of netstd fixes buffer overflows Chip Salzenberg (Jan 04)
- Re: [SECURITY] New versions of netstd fixes buffer overflows Wichert Akkerman (Jan 05)
- Wiping out setuid programs D. J. Bernstein (Jan 05)
- Re: Wiping out setuid programs Darren Reed (Jan 06)
- Re: Wiping out setuid programs Illuminatus Primus (Jan 06)
- Re: Wiping out setuid programs Thamer Al-Herbish (Jan 06)
- Checking for most recent Solaris Security Patches spamhater () GRYMOIRE COM (Jan 06)
- Re: Checking for most recent Solaris Security Patches Ronan Waide (Jan 07)
- NFR Version 2.0.2 Research Now Available Deborah A. Greenberg (Jan 07)
- Re: Checking for most recent Solaris Security Patches Paul Brunk (Jan 08)
- Re: Checking for most recent Solaris Security Patches John D Groenveld (Jan 08)
- Re: Checking for most recent Solaris Security Patches Jon Ross (Jan 12)
- Re: Checking for most recent Solaris Security Patches Linux Mailing Lists (Jan 13)
- Re: Checking for most recent Solaris Security Patches Jon Ross (Jan 15)
- Lotus Notes SMTP Server bug Siva Sankar Adiraju (Jan 15)
- Re: Checking for most recent Solaris Security Patches //Stany (Jan 15)
- Re: [SECURITY] New versions of netstd fixes buffer overflows Chip Salzenberg (Jan 04)