Date: Thu, 21 Nov 1996 23:01:27 +1030 From: michael smith <miff@spam.frisbee.net.au> To: Peter Childs <pjchilds@imforei.apana.org.au> Cc: Mark Newton <newton@communica.com.au>, freebsd-security@freebsd.org Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). Message-ID: <32944B9F.41C67EA6@spam.frisbee.net.au> References: <199611211112.VAA27330@al.imforei.apana.org.au>
next in thread | previous in thread | raw e-mail | index | archive | help
Peter Childs wrote: > > I'm just doing a little bit of poking and from what i can see all > calls to bindresvport() go through bind() to the bind syscall. The > bind syscall ends up in in_pcbbind (note pg 444 and 462 4.4BSD daemon > book) and this bit does the check and returns EACCES on > IPPORT_RESERVED && uid == root. > > Could an additional check in here just be used to check that if port > requested is 25 and uid == mailmanager's uid then OK it? That's basically just hardcoding the more generic ideas bandied around earlier. The long-term solution is the "registry" concept, which is not really ready for showtime in any of the models that have been discussed. > Am I missing something, or is this fairly trivial. It "seems" pretty > hackish to do it in the kernel but as a "quick fix" would this do the > job? You wouldn't get it into the main tree, but as a local modification it'd most likely be effective. > Peter Childs --- http://www.imforei.apana.org.au/~pjchilds -- Mike Smith *BSD hack Unix hardware collector The question "why are the fundamental laws of nature mathematical" invites the trivial response "because we define as fundamental those laws which are mathematical". Paul Davies, _The_Mind_of_God_
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?32944B9F.41C67EA6>