From owner-freebsd-bugs Mon Sep 11 23:48: 7 2000 Delivered-To: freebsd-bugs@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id B5A8237B422; Mon, 11 Sep 2000 23:48:04 -0700 (PDT) Received: (from cracauer@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id XAA49641; Mon, 11 Sep 2000 23:48:04 -0700 (PDT) (envelope-from cracauer@FreeBSD.org) Date: Mon, 11 Sep 2000 23:48:04 -0700 (PDT) From: Message-Id: <200009120648.XAA49641@freefall.freebsd.org> To: cracauer@FreeBSD.org, cracauer@FreeBSD.org, freebsd-bugs@FreeBSD.org Subject: Re: bin/19946: possible bug in sh(1) with -p flag (privileged mode) Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Synopsis: possible bug in sh(1) with -p flag (privileged mode) Responsible-Changed-From-To: cracauer->freebsd-bugs Responsible-Changed-By: cracauer Responsible-Changed-When: Tue Sep 12 08:38:56 MEST 2000 Responsible-Changed-Why: This PR is not really a shell bug, but a matter of security policy (sh has a switch -p that - when set - should allow root to su(8) to a user without inheriting anything from that user's dotfiles that would compromise root's account). Personally, I am not used to think of waterproofed security solutions and I see no reason how I should judge over the measurments such a flag must take to protect the user who su'ed. Looking at bash2, it uses an entirely different (and apparently more though-off) approach towards the same problem. I think this needs to be dicussed on -security. If anyone thinks of an appropriate solution (which includes your suggestion - Alexander), please have it reviewed by security@freebsd.org. I will of course be happy to participiate in such a discussion where I can be of help and would commit and maintain a solution that is considered waterproofed by a substancial group of security-knowledgable people. I would also consider removing this switch as long as it's security gain is questionable. -:---F1 foo (Text Fill)--L1--All--------------------------------- http://www.freebsd.org/cgi/query-pr.cgi?pr=19946 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message