Date: Sun, 25 Aug 1996 23:30:42 -0400 (EDT)
From: Gene Stark <gene@starkhome.cs.sunysb.edu>
To: security@freebsd.org
Subject: Vulnerability in the Xt library (fwd)
Message-ID: <199608260330.XAA12903@starkhome.cs.sunysb.edu>
References: <4vqqpl$bn8@starkhome.cs.sunysb.edu>

This is the worst one yet for me. A crazy idea occurred to me, what do other people think?

Why not nip all this stuff in the bud by changing the semantics of exec() so that setuid privilege is turned off unless the program has previously executed a (new) system call that says "I really want setuid privileges to be passed to my children." Of course, this would be nonstandard, but it would have the nice property that since no existing program calls this system call (it doesn't exist yet) no further exploits of this type would be possible with existing software. Calls to this new system call could then be introduced carefully into existing software, right at the point where an exec that *has* to preserve setuid privilege is performed.

I would hazard a guess (flame me if I'm wrong) that most setuid programs don't need to exec other stuff, so this type of change would not break as many things as you might think at first.

- Gene Stark
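
A toy model of the exec() semantics proposed in the message above, added here as an illustration; it is not part of the original e-mail and is not FreeBSD code. The names `model_allow_setuid_exec` and `model_exec` are hypothetical, and the model assumes that the opt-in covers a single exec and that the setuid bit on the newly executed image is still honoured.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Toy model of process credentials. Not kernel code. */
struct proc_cred {
    uid_t ruid;        /* real uid: the user who started the program */
    uid_t euid;        /* effective uid: what permission checks use */
    bool keep_setuid;  /* hypothetical opt-in flag, off by default */
};

/* Hypothetical stand-in for the proposed new system call. */
void model_allow_setuid_exec(struct proc_cred *p)
{
    p->keep_setuid = true;
}

/* exec() under the proposed semantics. */
void model_exec(struct proc_cred *p, bool image_setuid, uid_t image_owner)
{
    if (!p->keep_setuid)
        p->euid = p->ruid;      /* caller's setuid privilege is not passed on */
    if (image_setuid)
        p->euid = image_owner;  /* assumption: new image's setuid bit still works */
    p->keep_setuid = false;     /* assumption: opt-in covers one exec only */
}

/* A setuid-root program started by uid 1001 execs an ordinary helper.
 * Returns the helper's effective uid. */
uid_t helper_euid(bool opted_in)
{
    struct proc_cred p = { .ruid = 1001, .euid = 1001, .keep_setuid = false };
    model_exec(&p, true, 0);           /* user runs the setuid-root program */
    if (opted_in)
        model_allow_setuid_exec(&p);   /* program explicitly asks to keep it */
    model_exec(&p, false, 0);          /* program execs a non-setuid helper */
    return p.euid;
}

int main(void)
{
    printf("existing program, no opt-in: helper euid %d\n", (int)helper_euid(false));
    printf("program that opted in:       helper euid %d\n", (int)helper_euid(true));
    return 0;
}
```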