Date: Thu, 1 Sep 2005 00:21:05 +0400 (MSD)
From: Michael Bushkov <bushman@rsu.ru>
To: Brooks Davis <brooks@one-eyed-alien.net>
Cc: freebsd-current@freebsd.org, Dan Nelson <dnelson@allantgroup.com>, Jilles Tjoelker <jilles@stack.nl>
Subject: Re: [PATCH] caching daemon release and nsswitch patches
Message-ID: <20050901001719.Q72814@stinger.cc.rsu.ru>
In-Reply-To: <20050831201116.GH32477@odin.ac.hmc.edu>
References: <20050827170633.Y5409@stinger.cc.rsu.ru> <43123F3B.8070002@FreeBSD.org> <20050829115740.N5409@stinger.cc.rsu.ru> <20050829163025.GA25664@dan.emsphone.com> <20050830172127.E5409@stinger.cc.rsu.ru> <20050831190059.GA23652@stack.nl> <20050831231233.T72814@stinger.cc.rsu.ru> <20050831194808.GA12742@stack.nl> <20050831235458.L72814@stinger.cc.rsu.ru> <20050831201116.GH32477@odin.ac.hmc.edu>

Hello!

>>> User X puts some garbled information in the cache for his uid, then
>>> starts a setgid program. That setgid program will use the bad data
>>> in the cache which is potentially exploitable.

>> Yes - you're right. I see 2 solutions:
>>
>> 1) The thing that you said - to turn off the caching for set*id programs
>>
>> 2) To separate users in the cache not only by their euid, but by their
>> euid and egid together. In this case, if user X poisons the cache and
>> starts the setgid program, then it will use the different (not poisoned)
>> cache. I don't think that such a partitioning will cause the cache to grow
>> too much.
>
> I'd be inclined toward the first option. Getting edge cases right for
> suid apps requires lots of thinking so I'd rather just not support the
> feature initially. Performance critical suid applications probably
> aren't too common anyway.

Ok - I'm absolutely agreed. I'll do it this way.

With best regards,
Michael Bushkov
Rostov State University
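
Added example, not part of the original message or of the caching daemon's code: a toy C model of a cache keyed by euid only, next to the two options discussed above (no caching for set*id callers, and keying by euid and egid together). The cache layout, function names, numeric ids and the `passwd:1001` key are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
/* Toy model; every name here is hypothetical, not the daemon's code. */
enum policy { KEY_EUID_ONLY, NO_SETID_CACHE, KEY_EUID_EGID };
struct creds { uid_t ruid, euid; gid_t rgid, egid; };
struct entry { uid_t euid; gid_t egid; char key[32], val[32]; };
static struct entry cache[8];
static size_t nent;

/* Stand-in for a kernel check such as issetugid(2): real != effective ids. */
static int is_setid(const struct creds *c) {
    return c->ruid != c->euid || c->rgid != c->egid;
}

/* Store an answer under the caller's effective ids. */
int cache_put(const struct creds *c, const char *key, const char *val) {
    if (nent == sizeof cache / sizeof cache[0]) return -1;
    struct entry *e = &cache[nent++];
    e->euid = c->euid; e->egid = c->egid;
    snprintf(e->key, sizeof e->key, "%s", key);
    snprintf(e->val, sizeof e->val, "%s", val);
    return 0;
}

/* Return the cached value, or NULL meaning "query the real nsswitch source". */
const char *cache_get(enum policy p, const struct creds *c, const char *key) {
    if (p == NO_SETID_CACHE && is_setid(c))
        return NULL;                  /* option 1: caching off for set*id */
    for (size_t i = 0; i < nent; i++) {
        const struct entry *e = &cache[i];
        if (e->euid != c->euid || strcmp(e->key, key) != 0)
            continue;
        if (p == KEY_EUID_EGID && e->egid != c->egid)
            continue;                 /* option 2: other egid, other partition */
        return e->val;
    }
    return NULL;
}

int main(void) {
    /* Constructed ids: user X, then the same user running a setgid (egid 5) program. */
    struct creds user = {1001, 1001, 1001, 1001}, prog = {1001, 1001, 1001, 5};
    cache_put(&user, "passwd:1001", "garbled");
    for (int p = KEY_EUID_ONLY; p <= KEY_EUID_EGID; p++) {
        const char *v = cache_get((enum policy)p, &prog, "passwd:1001");
        printf("policy %d -> %s\n", p, v ? v : "(miss, ask real source)");
    }
    return 0;
}
```

Under both options the setgid caller gets a miss and falls through to the real source, while the unprivileged user still reads the entry it stored.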