Date:      Tue, 17 Nov 1998 07:41:38 +0100
From:      Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
To:        Nate Williams <nate@mt.sri.com>, Warner Losh <imp@village.org>
Cc:        Andre Albsmeier <andre.albsmeier@mchp.siemens.de>, Matthew Dillon <dillon@apollo.backplane.com>, freebsd-security@FreeBSD.ORG
Subject:   Re: Would this make FreeBSD more secure?
Message-ID:  <19981117074138.A11602@internal>
In-Reply-To: <199811161940.MAA19331@mt.sri.com>; from Nate Williams on Mon, Nov 16, 1998 at 12:40:12PM -0700
References:  <19981116072937.E969@internal> <19981115192224.A29686@internal> <19981115161548.A23869@internal> <199811151758.JAA15108@apollo.backplane.com> <199811152210.PAA01604@harmony.village.org> <199811160658.XAA01912 < <19981116125909.A28486@internal>

On Mon, Nov 16, 1998 at 12:40:12PM -0700, Nate Williams wrote:
> > : That is exactly my opinion. I think a program should run with the
> > : minimum privileges it really needs to and not more.
> > 
> > I still think that it is a lot of effort for just one or two
> > programs.  xlock and xlockmore (basically the same program) are the
> > only two programs that I'm aware of that need to access the password
> > file and not change the uid of the process.  Where are the rest of the
> > half dozen :-)...
> 
> The other issue is since they will no longer be setuid(), someone can
> crash them and get the passwd file from them to crack later or we'd have
> to change all of the 'don't dump core' code to look for setgid(passwd)
> stuff.  All of a sudden this 'simple fix' gets to be obnoxious and isn't
> buying us a whole lot.

That means that setuid progs don't dump core. I didn't know that but it
sounds reasonable, of course.

> 
> Setuid is *NOT* evil in all cases, you simply must be careful.  The fact
> of the matter is *some* programs must have root privileges to do their
> job securely and/or at all.

I just was alarmed by xlockmore that a program runs setuid root all the time
only to check the password the user enters. And, regardless of whether xlockmore
has known bugs or not, this applies to all screen savers. They do rather
complex stuff from time to time and therefore it's likely they crash.

> 
> 
> 
> 
> Nate

	-Andre
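
The two concerns in this message (a set-uid root locker that keeps root while running complex screen-saver code, and a crash leaving password data in a core file) can be addressed at startup, shown here as an added example that is not xlockmore's code or part of the original thread. `fetch_hash` and `locker_startup` are hypothetical names, and the hash string is a constructed sample.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/resource.h>

/* Forbid core files so a crash cannot write secrets held in memory to disk. */
int disable_core_dumps(void)
{
    struct rlimit rl = { 0, 0 };
    return setrlimit(RLIMIT_CORE, &rl);
}

/* Permanently give up set-uid root privileges; returns 0 on success. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    /* Group first: once the uid is dropped we may no longer change gids. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    /* Verify the drop is irreversible: regaining root must now fail. */
    if (ruid != 0 && (setuid(0) == 0 || geteuid() == 0))
        return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

/* Hypothetical stand-in for the privileged read of the user's hash
 * (a real locker would call getpwnam(3) or similar at this point). */
static int fetch_hash(char *buf, size_t len)
{
    snprintf(buf, len, "%s", "$constructed$sample-hash");
    return 0;
}

/* Startup order: no core files, read the hash as root, then drop for good. */
int locker_startup(char *hash, size_t len)
{
    if (disable_core_dumps() != 0) return -1;
    if (fetch_hash(hash, len) != 0) return -1;
    if (drop_privileges() != 0) return -1;
    return 0;   /* screen-saver code runs only after this point */
}

int main(void)
{
    char hash[128];
    if (locker_startup(hash, sizeof hash) != 0) { fputs("startup failed\n", stderr); return 1; }
    printf("euid=%d, core files disabled, privileges dropped\n", (int)geteuid());
    return 0;
}
```

The hash still sits in the process's memory after the drop, which is why the core-file limit is set before it is read.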
