From owner-cvs-all Tue Apr 23 8:25:56 2002 Delivered-To: cvs-all@freebsd.org Received: from rover.village.org (rover.bsdimp.com [204.144.255.66]) by hub.freebsd.org (Postfix) with ESMTP id C792537B416; Tue, 23 Apr 2002 08:25:43 -0700 (PDT) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.11.3/8.11.3) with ESMTP id g3NFPgH77817; Tue, 23 Apr 2002 09:25:42 -0600 (MDT) (envelope-from imp@village.org) Received: from localhost (warner@rover2.village.org [10.0.0.1]) by harmony.village.org (8.11.6/8.11.6) with ESMTP id g3NFPfb26173; Tue, 23 Apr 2002 09:25:41 -0600 (MDT) (envelope-from imp@village.org) Date: Tue, 23 Apr 2002 09:25:14 -0600 (MDT) Message-Id: <20020423.092514.68569803.imp@village.org> To: mike@FreeBSD.org Cc: phk@critter.freebsd.dk, wollman@lcs.mit.edu, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/kern kern_descrip.c kern_exec.c src/sys/sys filedesc.h From: "M. Warner Losh" In-Reply-To: <20020423104722.D72727@espresso.q9media.com> References: <20020422160742.B8421@espresso.q9media.com> <78396.1019545495@critter.freebsd.dk> <20020423104722.D72727@espresso.q9media.com> X-Mailer: Mew version 2.1 on Emacs 21.1 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG In message: <20020423104722.D72727@espresso.q9media.com> Mike Barcroft writes: : Poul-Henning Kamp writes: : > In message <20020422160742.B8421@espresso.q9media.com>, Mike Barcroft writes: : > : > >I agree that the current solution to this problem is wrong. I think : > >the most correct solution would be to fix each set[ug]id program to : > >ensure that it has a working set of the basic std{in,out,err} : > >descriptors by making a series of fstat() calls and watching for a : > >EBADF. : > : > Right, and the best fix to the middle east situation is to make all : > persons living down there like each other. : > : > Some times the best fix is just not viable... : : Doing the base system will be far easier than say changing all : function declarations from K&R to ANSI C. The 6 line check could : easily be added to a common libc function, and one line function call : added to the main() of every set[ug]id program. I'm willing to do : develop a patchset over the weekend. Does this also go for all the ports in the ports tree? What about legacy binaries? : As far as ports go, every port that relies on the standard file : descriptors being open and doesn't check for them, is vulnerable to : this exploit on almost every UNIX-like system including most versions : of FreeBSD. Security advisories should be released for those ports : and fixes coordinated with the vendors. Right. That's why we added this to the kernel. There is about 0 chance of removing it from the kernel at this point. I know people hate it, but *NONE* of the other solutions are secure. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message