Date:      Mon, 4 Jan 1999 21:43:03 +0100 (MET)
From:      Christian Wolf <Christian.Wolf@MedIS.DE>
To:        hm@hcs.de
Cc:        freebsd-isdn@FreeBSD.ORG
Subject:   Re: regexp program
Message-ID:  <Pine.GSO.3.96.990104213249.5700A-100000@sun-chris.medis.de>
In-Reply-To: <19990104204911.B5702@hcswork.hcs.de>

Hi!

On Mon, 4 Jan 1999, Hellmuth Michaelis wrote:

> On Mon, Jan 04, 1999 at 08:06:13PM +0100, Wilko Bulte wrote:
> > 
> > Security is a concern, true. It would be the (sick) hack of the
> > century if you could stick a regexp/regprog in somebody's isdnd.rc
> > that did (e.g) 'dd if=/dev/zero of=/dev/rsd0c'

If I could stick a regexp/regprog in somebody's isdnd.rc I can do
a 'dd if=/dev/zero of=/dev/rsd0c' as well, can't I?

> > In that respect I'd say it might make sense to not execute the regprog as root.
> > It looks like isdnd/exec.c just execs whatever you feed it. Maybe a setuid(nobody)
> > first?
> 
> Something like that - on the other side: who should be permitted to access
> /dev/i4b* and wouldn't it be appropriate at this time to add group "isdn"
> to /etc/groups?
> 
> I really didn't think about all this stuff much, what do other people
> think about that?
> 
> Thoughts, comments ?

Make isdnd check the owner and permissions of isdnd.rc. If it is
not owned by root(0) or does not have a mode like 0644, isdnd should refuse it.

Regards,
	Chris