[1102] in linux-security and linux-alert archive

Re: [linux-security] Re: RESOLV_HOST_CONF

daemon@ATHENA.MIT.EDU (David Holland)
Tue Aug 27 18:25:47 1996

From: David Holland <dholland@hcs.HARVARD.EDU>
To: jcowan@jcowan.reslife.okstate.edu (Joshua Cowan)
Date: Mon, 26 Aug 1996 16:07:18 -0400 (EDT)
Cc: ddaniel@furlong.jpl.nasa.gov, linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199608260242.VAA14205@jcowan.reslife.okstate.edu> from "Joshua Cowan" at Aug 25, 96 09:42:45 pm

 >     DB> seems to be a step needs to be taken back so we can look at a
 >     DB> fundamental problem with *all* setuid programs: they blithely
 > 
 > AFAIK, a POSIX.6 implementation for Linux is still being developed.
 > This is the best solution, IMHO (and this situation is a good example of
 > why POSIX.6 is a Good Thing).

POSIX.6 wouldn't do a damn thing for this situation. Sure, ping
wouldn't have privilege to read the file. Guess what? Sendmail does.
All it would do is make it take longer for the problem to be
detected. 

I don't really want to restart this flamewar (see the kernel list
archives from January), but there is not a silver bullet for security,
and even if there were, the POSIX.6 design wouldn't be it.

[REW: I would give sendmail the "access to write mailboxes",
"permission to bind to privileged ports" and "right to execute
programs as another uid". Does it need more? Agreed, it might be
harder to actually find the bugs if almost all are rendered invulnerable
through other means.]

-- 
   - David A. Holland          | Number of words in the English language that
     dholland@hcs.harvard.edu  | exist because of typos or misreadings: 381
