Date:      Mon, 18 Nov 1996 11:35:16 -0800
From:      Don Lewis <Don.Lewis@tsc.tdk.com>
To:        Adam Shostack <adam@homeport.org>, Don.Lewis@tsc.tdk.com (Don Lewis)
Cc:        phk@critter.tfs.com, freebsd-security@FreeBSD.org
Subject:   Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2).
Message-ID:  <199611181935.LAA16011@salsa.gv.ssi1.com>
In-Reply-To: Adam Shostack <adam@homeport.org> "Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2)." (Nov 18,  2:16pm)

On Nov 18,  2:16pm, Adam Shostack wrote:
} Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2).
} 
} 	If network access went through the file system, then 
} chown smtp /dev/tcp/smtp would give us a known access control
} mechanism, rather than trying to extend the process table.

Yeah, something like that, but the usual semantics folks talk about
are open("/dev/tcp/remote-address/remote-port", ...).  It is really
desirable to set permissions on both the local address/port and
the remote address/port (user foo is only allowed to connect to port
1234 on serverA using a port in the range 2000-2050).  Handling port
ranges gets a bit messy, too.

Then there's the nastiness of what to do about chrooted processes.
You really want to be able to map a subset of the network space into
their filesystem space.

I think mapping network accesses into filesystem space is the way to
go, but I don't know how to get the semantics right.

			---  Truck
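
Added example, not part of the original message and not FreeBSD code: a small C model of the access check discussed above, with one rule per user covering a local port range, a remote address and a remote port range, plus a restricted view for chrooted processes. The names net_rule, rules_allow, connect_allowed, the uid and the addresses are all hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#define ANY_UID  0xFFFFFFFFu
#define SERVER_A 0xC0000201u   /* 192.0.2.1, constructed sample address */
#define SERVER_B 0xC0000202u   /* 192.0.2.2, constructed sample address */
#define UID_FOO  1001u         /* constructed sample uid for "user foo" */

struct net_rule {                  /* hypothetical rule format */
    uint32_t uid;                  /* user the rule applies to, or ANY_UID */
    uint16_t lport_lo, lport_hi;   /* permitted local ports, inclusive */
    uint32_t raddr;                /* remote IPv4 address, host byte order */
    uint16_t rport_lo, rport_hi;   /* permitted remote ports, inclusive */
};

/* Default deny: 1 only if one rule covers uid and the whole address/port tuple. */
int rules_allow(const struct net_rule *r, size_t n, uint32_t uid,
                uint16_t lport, uint32_t raddr, uint16_t rport)
{
    for (size_t i = 0; i < n; i++)
        if ((r[i].uid == ANY_UID || r[i].uid == uid) && r[i].raddr == raddr &&
            lport >= r[i].lport_lo && lport <= r[i].lport_hi &&
            rport >= r[i].rport_lo && rport <= r[i].rport_hi)
            return 1;
    return 0;
}

/* A chrooted process gets a "view" (a subset of the network space); the
 * system rules must allow the connection and, if view != NULL, so must the view. */
int connect_allowed(const struct net_rule *sys, size_t nsys,
                    const struct net_rule *view, size_t nview, uint32_t uid,
                    uint16_t lport, uint32_t raddr, uint16_t rport)
{
    if (!rules_allow(sys, nsys, uid, lport, raddr, rport))
        return 0;
    return view == NULL || rules_allow(view, nview, uid, lport, raddr, rport);
}

/* Constructed policy: foo -> serverA:1234 from 2000-2050; foo -> serverB:25. */
static const struct net_rule sys_rules[] = {
    { UID_FOO, 2000, 2050,  SERVER_A, 1234, 1234 },
    { UID_FOO, 1024, 65535, SERVER_B, 25,   25   },
};
static const struct net_rule chroot_view[] = {   /* chroot sees only serverA */
    { ANY_UID, 0, 65535, SERVER_A, 0, 65535 },
};

int main(void) {
    printf("%d %d\n", connect_allowed(sys_rules, 2, NULL, 0, UID_FOO, 2010, SERVER_A, 1234),
           connect_allowed(sys_rules, 2, chroot_view, 1, UID_FOO, 5000, SERVER_B, 25));
    return 0;
}
```

The model only covers exact remote addresses and inclusive port ranges; it says nothing about how such rules would be named or stored in the filesystem, which is the open question in the message.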


