Date: Sun, 25 Aug 1996 21:58:46 -0600
From: Warner Losh <imp@village.org>
To: Gene Stark <gene@starkhome.cs.sunysb.edu>
Cc: security@freebsd.org
Subject: Re: Vulnerability in the Xt library (fwd)
Message-ID: <199608260358.VAA06773@rover.village.org>
In-Reply-To: Your message of Sun, 25 Aug 1996 23:30:42 EDT

: Calls to this new system call could then be introduced carefully into
: existing software, right at the point where an exec that *has* to preserve
: setuid privilege is performed.

You'll have to be careful if you do this. You'd need to make sure that you don't create something that the code inserted onto the stack can call and do an end run around the hard work you do in putting it in in the first place. Some of the stack overflow attacks have used the fact that they can do a setuid(0) even though the program has turned off privs at the point in the program that they are at....

Personally, I think that xterm should call a program to set the permissions and modes on the pseudo device, or better yet, the whole pseudo device concept should be examined so that they are created owned by the user and the chown isn't needed. That's the only reason (aside from writing to /etc/utmp on some systems, which can be replaced by a daemon, I think) that xterm needs to be setuid root. This would break existing pseudo terminal code, potentially, but the added security of a cloning device might be worth it. Too bad it is such a big project, or it would be done by now :-)

Warner
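
Added example, not part of the message above or of any code from the thread: a setuid-root program that only switches its effective UID keeps a saved UID of 0, which is why a later setuid(0) can succeed. The C below drops privileges so that all IDs are replaced and then confirms that asking for root again fails; the function names and the sample UID 1000 are made up for illustration.

```c
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* The state the message warns about: the process looks unprivileged
 * (effective UID non-zero) but a real or saved UID of 0 lets any code
 * running in it, injected code included, switch back to root. */
int root_recoverable(uid_t ruid, uid_t euid, uid_t suid)
{
    return euid != 0 && (ruid == 0 || suid == 0);
}

/* Irreversible drop. Call it while the effective UID is still 0: only then
 * does setuid() replace the real, effective and saved UIDs together.
 * Order matters: groups first, UID last. Returns 0 on success, -1 if the
 * drop failed or root can still be regained. */
int drop_privileges_permanently(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;                      /* clear supplementary groups */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* The check that matters: asking for root again must now fail. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed ID triples (real, effective, saved), not captured data. */
    printf("setuid-root binary after seteuid(1000): recoverable=%d\n",
           root_recoverable(1000, 1000, 0));
    printf("same binary after a permanent drop:     recoverable=%d\n",
           root_recoverable(1000, 1000, 1000));

    if (drop_privileges_permanently(getuid(), getgid()) != 0) {
        fprintf(stderr, "privilege drop failed or is reversible\n");
        return 1;
    }
    printf("permanent drop to uid %d verified\n", (int)getuid());
    return 0;
}
```

If the function is called after the program has already done seteuid() to a non-root user, setuid() changes only the effective UID and the final check reports the drop as reversible.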