From owner-freebsd-security Mon Aug 4 10:41:23 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id KAA14945 for security-outgoing; Mon, 4 Aug 1997 10:41:23 -0700 (PDT)
Received: from enteract.com (enteract.com [206.54.252.1]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id KAA14940 for ; Mon, 4 Aug 1997 10:41:20 -0700 (PDT)
Received: (from tqbf@localhost) by enteract.com (8.8.5/8.7.6) id MAA04433; Mon, 4 Aug 1997 12:41:10 -0500 (CDT)
From: "Thomas H. Ptacek"
Message-Id: <199708041741.MAA04433@enteract.com>
Subject: Re: Proposed alternate patch for the rfork vulnerability
To: sef@Kithrup.COM (Sean Eric Fagan)
Date: Mon, 4 Aug 1997 12:41:09 -0500 (CDT)
Cc: bde@zeta.org.au, tqbf@enteract.com, security@FreeBSD.ORG
Reply-To: tqbf@enteract.com
In-Reply-To: <199708041703.KAA16417@kithrup.com> from "Sean Eric Fagan" at Aug 4, 97 10:03:55 am
X-Mailer: ELM [version 2.4 PL24 ME8a]
Content-Type: text
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> I'm sorry, Bruce, but having the file descriptor sharing break on
> exec is the ONLY way to have it make sense, let alone be secure.

The problem is specifically an issue with an interaction between the
rfork() resource sharing semantics and the SUID bit. The problem is
equally well solved by ignoring the SUID bit.

----------------
Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf@enteract.com]
----------------
"If you're so special, why aren't you dead?"