Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.rmit.EDU.AU!news.unimelb.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!news.ysu.edu!news.radio.cz!newsbastard.radio.cz!news.radio.cz!CESspool!news.maxwell.syr.edu!cpk-news-hub1.bbnplanet.com!news.bbnplanet.com!feed1.news.erols.com!news.enteract.com!newsfeed.enteract.com!tqbf
From: tqbf@char-star.rdist.org (Thomas H. Ptacek)
Newsgroups: comp.unix.bsd.bsdi.misc,comp.unix.bsd.misc,comp.security.unix
Subject: Re: *BSD* Security WWW/Mailing List?
Date: 25 Apr 1997 04:39:11 GMT
Organization: EnterAct, L.L.C.
Lines: 37
Message-ID: <slrn5m0dbf.jsb.tqbf@char-star.rdist.org>
References: <3356E1CC.299E@softway.com.au> <slrn5lpvmq.1hm.tqbf@char-star.rdist.org> <5jlr60$f7d@web.nmti.com> <slrn5ltb2l.br4.tqbf@char-star.rdist.org> <5jo5m4$f9v@web.nmti.com>
Reply-To: tqbf@enteract.com
NNTP-Posting-Host: char-star.rdist.org
X-Newsreader: slrn (0.9.1.1 BETA UNIX)
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.bsdi.misc:6751 comp.unix.bsd.misc:3089 comp.security.unix:34003

24 Apr 1997 17:36:04 GMT peter@nmti.com:

[ re: holes in dynamic linkers vs C runtime holes ]

>The difference is too subtle for my tiny brain to perceive.

Reverend da Silva, there's a simple, significant difference. A hole in
start() on FreeBSD is a hole in every C program on the system. A hole in
the dynamic linking process is a hole only in dynamically linked programs.

What's so subtle about this? Every SUID program on my system is
statically linked, and I am still vulnerable to security problems in the
runtime support!

>> EUID checks within library routines are a bad idea. It would help if
>What sort of mechanism are you thinking of? I don't know any conventional

OpenBSD has a simple, effective solution to this problem; when execve()
changes the effective UID/GID due to a SUID/SGID bit on an executable, it
sets a process table flag. They then have a system call that returns the
value of this flag, called "issetugid".

Nothing the application-level code can do will cause this test to return
false when the program is SUID. This is not the case for runtime UID/EUID
checks.

>even an authoritative mechanism for finding out what program you are! All
>you can do is look at your current UIDs.

This is an inadequacy of the kernel, not a fact of life.

-- 
---------------- Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf@enteract.com] ----------------
exit(main(kfp->kargc, argv, environ));
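The kernel flag Ptacek describes, shown as an added example (not code from the post or from OpenBSD): a C program that reads the kernel-maintained setugid flag beside the conventional real-vs-effective ID comparison, plus a hypothetical library helper, untainted_getenv(), that consults the flag before trusting the environment. It assumes issetugid() on the BSDs and, on Linux, treats the AT_SECURE auxiliary-vector entry as the equivalent flag.

```c
#if defined(__linux__)
#define _GNU_SOURCE            /* prototypes for setenv() and getauxval() */
#include <sys/auxv.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* The kernel-maintained flag: issetugid() on the BSDs, as in the post.
 * On Linux the assumed equivalent is AT_SECURE, which the kernel writes
 * into the auxiliary vector at execve() time and userland cannot clear. */
int kernel_setugid_flag(void)
{
#if defined(__linux__)
    return getauxval(AT_SECURE) != 0;
#else
    return issetugid();
#endif
}

/* The conventional runtime check: compare real and effective IDs.
 * In a SUID program, application code can make this return 0 simply by
 * calling setuid(getuid()) before the library routine runs. */
int naive_setuid_check(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Hypothetical library helper: honour an environment variable only when
 * the process did not start with elevated credentials; NULL means
 * "ignore it", regardless of what the current UIDs happen to say. */
const char *untainted_getenv(const char *name)
{
    if (kernel_setugid_flag())
        return NULL;
    return getenv(name);
}

int main(void)
{
    printf("before setuid(getuid()): kernel=%d naive=%d\n",
           kernel_setugid_flag(), naive_setuid_check());
    /* Drop to the real UID: the naive check now reports "not setuid",
     * while the kernel flag is unchanged (install the binary setuid
     * to observe the divergence; unprivileged, both print 0). */
    (void)setuid(getuid());
    printf("after  setuid(getuid()): kernel=%d naive=%d\n",
           kernel_setugid_flag(), naive_setuid_check());
    return 0;
}
```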