From: Warner Losh
To: Gene Stark
Cc: security@freebsd.org
Subject: Re: Vulnerability in the Xt library (fwd)
Date: Sun, 25 Aug 1996 21:58:46 -0600 (MDT)
Message-Id: <199608260358.VAA06773@rover.village.org>
In-reply-to: Your message of Sun, 25 Aug 1996 23:30:42 EDT

: Calls to this new system call could then be introduced carefully into
: existing software, right at the point where an exec that *has* to preserve
: setuid privilege is performed.

You'll have to be careful if you do this. You'd need to make sure that you don't create something that the code inserted onto the stack can call and do an end run around the hard work you do in putting it in, in the first place. Some of the stack overflow attacks have used the fact that they can do a setuid(0) even though the program has turned off privs at the point in the program that they are at....

Personally, I think that xterm should call a program to set the permissions and modes on the pseudo device, or better yet, the whole pseudo device concept should be examined so that they are created owned by the user and the chown isn't needed. That's the only reason (aside from writing to /etc/utmp on some systems, which can be replaced by a daemon, I think) that xterm needs to be setuid root. This would break existing pseudo terminal code, potentially, but the added security of a cloning device might be worth it.

Too bad it is such a big project, or it would be done by now :-)

Warner
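The point above about a setuid(0) still working after a program has "turned off privs" comes down to the saved set-user-ID. The following is an added example (not code from the mail or from xterm) that contrasts a temporary drop with seteuid(), which leaves the saved ID at 0, against a permanent drop with setresuid(), and verifies the result with getresuid(); it assumes a system that provides setresuid()/getresuid() (FreeBSD, Linux).

```c
/* Added example: reversible vs. irreversible privilege drop.
 * Assumes setresuid()/getresuid() are available (FreeBSD, glibc with _GNU_SOURCE). */
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Return 1 if any of the real, effective or saved user IDs is still 0,
 * i.e. a later setuid(0) or seteuid(0) would succeed; 0 if none is;
 * -1 on error. */
int root_regainable(void)
{
    uid_t ruid, euid, suid;
    if (getresuid(&ruid, &euid, &suid) != 0)
        return -1;
    return (ruid == 0 || euid == 0 || suid == 0) ? 1 : 0;
}

/* Temporary drop: only the effective ID changes. The saved ID keeps
 * whatever it was (0 for a setuid-root program), so it can be undone. */
int drop_privileges_temporarily(uid_t target)
{
    return seteuid(target);
}

/* Permanent drop: set real, effective and saved IDs together, then
 * re-read them so a partial failure cannot go unnoticed.
 * Returns 0 only when all three IDs equal target. */
int drop_privileges_permanently(uid_t target)
{
    uid_t ruid, euid, suid;
    if (setresuid(target, target, target) != 0)
        return -1;
    if (getresuid(&ruid, &euid, &suid) != 0)
        return -1;
    return (ruid == target && euid == target && suid == target) ? 0 : -1;
}

int main(void)
{
    uid_t me = getuid();
    if (drop_privileges_permanently(me) != 0) {
        perror("drop_privileges_permanently");
        return 1;
    }
    printf("uid %lu: root regainable after permanent drop? %d\n",
           (unsigned long)me, root_regainable());
    return 0;
}
```

Run as a non-root user, the permanent drop leaves root_regainable() at 0 and any subsequent setuid(0) fails with EPERM; run as root, the same call keeps all three IDs at 0, which is why the target must be the unprivileged user, not getuid() of a root process.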