Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 08 Jul 2000 15:30:13 -0700
From:      Mike Smith <msmith@freebsd.org>
To:        Dag-Erling Smorgrav <des@flood.ping.uio.no>
Cc:        cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/crypto/openssh sshd.c 
Message-ID:  <200007082230.PAA01325@mass.osd.bsdi.com>
In-Reply-To: Your message of "08 Jul 2000 12:33:51 %2B0200." <xzp66qgud0w.fsf@flood.ping.uio.no> 

next in thread | previous in thread | raw e-mail | index | archive | help
> Wes Morgan <morganw@chemicals.tacorp.com> writes:
> > I hope that there is no way ever in 1e6 years that someone will be able to
> > subvert /proc/curproc and get sshd to execute the program of his choice as
> > root when it gets HUP'd. I can't think of any way possible, but there are
> > 6 billion people out there besides me.
> 
> Well, for starters, /proc might not be mounted, and an 3v1l h4xx0r
> might be able to trick a root-owned process into creating
> /proc/curproc/file.

At which point about a billion other security holes are also opened.  
Your argument holds equally well for suggesting that "secure" programs 
should never read configuration files either.

-- 
... every activity meets with opposition, everyone who acts has his
rivals and unfortunately opponents also.  But not because people want
to be opponents, rather because the tasks and relationships force
people to take different points of view.  [Dr. Fritz Todt]




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200007082230.PAA01325>