Date: Wed, 18 Aug 1999 17:49:23 -0500 (CDT)
From: David Scheidt
To: Matthew Dillon
Cc: Warner Losh, Garance A Drosihn, hackers@FreeBSD.ORG
Subject: Re: lpd security check for changed-file vs NFS
In-Reply-To: <199908182237.PAA49807@apollo.backplane.com>

On Wed, 18 Aug 1999, Matthew Dillon wrote:

> :For the general case (eg the code checked into the system), the check
> :needs to remain enabled.  Anything else is insecure.
> :
> :Warner

Oh, absolutely.  However, one of the reasons people use an operating system
they have source to is to make it work for them.

>
>     I have to agree... whenever one starts discussing weird, esoteric
>     workarounds one inevitably introduces security holes.  I really think
>     just disabling the -s option may be the best solution.

It is apparent that I was unclear.  What I meant was use the fstat test for
local files.  For NFS mounted files, don't use the test, since it doesn't
work, and don't allow the -s option.  (Better would be to accept, and
ignore the -s, perhaps producing a warning?)

David Scheidt
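
The policy proposed in the message above, sketched in C as an added example (not lpr/lpd source and not code from the thread). It assumes the changed-file check compares the device and inode recorded at submit time with the file opened at print time, and that NFS is detected with fstatfs (MNT_LOCAL on BSD, the NFS magic number on Linux); the function names and warning text are hypothetical.

```c
/* Assumed check: device/inode at submit time vs. at print time. Hypothetical names. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>
#if defined(__linux__)
#include <sys/vfs.h>
#define FS_IS_LOCAL(sf) ((sf).f_type != 0x6969) /* NFS_SUPER_MAGIC */
#else /* BSD-style statfs */
#include <sys/param.h>
#include <sys/mount.h>
#define FS_IS_LOCAL(sf) (((sf).f_flags & MNT_LOCAL) != 0)
#endif

enum spool_mode { SPOOL_COPY, SPOOL_SYMLINK };

/* 1 = local filesystem, 0 = NFS, -1 = could not tell. */
int file_is_local(int fd) {
    struct statfs sf;
    if (fstatfs(fd, &sf) < 0) return -1;
    return FS_IS_LOCAL(sf) ? 1 : 0;
}

/* Honor -s only where the fstat test works; otherwise ignore it and warn. */
enum spool_mode choose_mode(int s_requested, int is_local) {
    if (s_requested && is_local != 1)
        fprintf(stderr, "warning: -s ignored, file not confirmed local; copying\n");
    return (s_requested && is_local == 1) ? SPOOL_SYMLINK : SPOOL_COPY;
}

/* Print side: fstat the opened descriptor (not the path) and compare. */
int open_if_unchanged(const char *path, const struct stat *rec) {
    struct stat st;
    int fd = open(path, O_RDONLY);
    if (fd >= 0 && (fstat(fd, &st) < 0 || st.st_dev != rec->st_dev ||
                    st.st_ino != rec->st_ino)) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(int argc, char **argv) {
    struct stat rec; /* identity lpr would record at submit time */
    if (argc < 2 || stat(argv[1], &rec) < 0) return 2;
    int fd = open_if_unchanged(argv[1], &rec);
    if (fd < 0) return 1;
    return choose_mode(1, file_is_local(fd)) == SPOOL_SYMLINK ? 0 : 3;
}
```

A filesystem type that cannot be determined is treated like NFS, so the fallback is always the copy path rather than an unchecked symlink.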