[7504] in bugtraq
Re: FD's 0..2 and suid/sgid procs (Was: Crash a redhat 5.1 linux
daemon@ATHENA.MIT.EDU (Pavel Kankovsky)
Thu Jul 30 17:34:54 1998
Date: Thu, 30 Jul 1998 19:50:02 +0200
Reply-To: peak@kerberos.troja.mff.cuni.cz
From: Pavel Kankovsky <peak@KERBEROS.TROJA.MFF.CUNI.CZ>
X-To: Joe Zbiciak <j-zbiciak1@ti.com>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199807300002.TAA13131@asterix>
On Wed, 29 Jul 1998, Joe Zbiciak wrote:

> Alan Cox actually is the first person who highlighted this sort of
> vulnerability to me. Does anyone know if the OpenBSD approach is
> sufficient for avoiding these sorts of attacks (eg. feeding an
> suid/sgid program bogus stdin/stdout/stderr)? Also, is a similar patch

Hmm. In theory, yes. But the OpenBSD implementation seems to have a
potential small hole. It should abort when it cannot fix everything,
but it does not. PERHAPS a temporary resource starvation could break
it.

> in the works for Linux? (I ask, because I'm a Linux user myself.)

I made such a patch for 2.0.~34. (Applying to 2.1 can't be hard.)
Get http://www.tux.org/hypermail/linux-kernel/1998week28/0391.html.
(Warning: there exists an older version which has a serious--and
rather stupid--bug. Don't use it. Kudos to Mitch Blank for discovering
it.)

You need to have Solar Designer's secure-linux patch installed or do some
manual tweaking to use it.

> And, is there any overwhelming reason why you wouldn't make the same
> guarantee that fd's 0..2 are open for all processes, rather than just
> suid/sgid processes?

It would confuse some programs and probably violate standards.

--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"You can't be truly paranoid unless you're sure they have already got you."
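The message above discusses a kernel-side fix (OpenBSD's exec-time check and Pavel's 2.0.x patch) that guarantees descriptors 0, 1 and 2 are open when a suid/sgid program starts, and points out that the check must abort rather than continue when it cannot repair a descriptor. The following is an added example, not code from this thread or from either patch: a userland equivalent that a privileged program can call first thing in main(), before it opens any file. It probes each standard descriptor with fcntl(F_GETFD), points closed ones at /dev/null, and reports failure so the caller can refuse to run; the function names are my own.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Returns 1 if fd refers to an open descriptor, 0 if it is closed.
   F_GETFD touches nothing but the descriptor table, so it is a safe probe. */
int fd_is_open(int fd)
{
    return fcntl(fd, F_GETFD) != -1;
}

/*
 * Make sure descriptors 0, 1 and 2 are all open, attaching any closed one
 * to /dev/null.  Returns the number of descriptors that had to be repaired
 * (0..3), or -1 if /dev/null could not be opened.  A caller must treat -1
 * as fatal: if it continues, its next open() lands on a standard descriptor
 * and later reads or writes to "stdin"/"stderr" hit that file instead.
 */
int ensure_std_fds(void)
{
    int repaired = 0;
    for (int fd = 0; fd <= 2; fd++) {
        if (fd_is_open(fd))
            continue;
        /* stdin gets a read-only /dev/null, stdout/stderr a write-only one */
        int nfd = open("/dev/null", fd == 0 ? O_RDONLY : O_WRONLY);
        if (nfd == -1)
            return -1;
        /* open() returns the lowest free descriptor, so nfd should equal fd
           (every lower descriptor is already open); handle the other case
           anyway rather than assume it. */
        if (nfd != fd) {
            if (dup2(nfd, fd) == -1) {
                int saved_errno = errno;
                close(nfd);
                errno = saved_errno;
                return -1;
            }
            close(nfd);
        }
        repaired++;
    }
    return repaired;
}

int main(void)
{
    int n = ensure_std_fds();
    if (n == -1) {
        /* Cannot even reach /dev/null (e.g. descriptor table exhausted):
           do not continue with privilege, there is nothing safe to say. */
        _exit(1);
    }
    printf("%d standard descriptor(s) repaired\n", n);
    return 0;
}
```

Calling this in userland complements rather than replaces the kernel check: it only protects programs that call it, which is exactly why the thread wants the guarantee made at exec time for every suid/sgid process.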