Date: Mon, 11 Sep 2000 23:48:04 -0700 (PDT) From: <cracauer@FreeBSD.org> To: cracauer@FreeBSD.org, cracauer@FreeBSD.org, freebsd-bugs@FreeBSD.org Subject: Re: bin/19946: possible bug in sh(1) with -p flag (privileged mode) Message-ID: <200009120648.XAA49641@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
Synopsis: possible bug in sh(1) with -p flag (privileged mode) Responsible-Changed-From-To: cracauer->freebsd-bugs Responsible-Changed-By: cracauer Responsible-Changed-When: Tue Sep 12 08:38:56 MEST 2000 Responsible-Changed-Why: This PR is not really a shell bug, but a matter of security policy (sh has a switch -p that - when set - should allow root to su(8) to a user without inheriting anything from that user's dotfiles that would compromise root's account). Personally, I am not used to think of waterproofed security solutions and I see no reason how I should judge over the measurments such a flag must take to protect the user who su'ed. Looking at bash2, it uses an entirely different (and apparently more though-off) approach towards the same problem. I think this needs to be dicussed on -security. If anyone thinks of an appropriate solution (which includes your suggestion - Alexander), please have it reviewed by security@freebsd.org. I will of course be happy to participiate in such a discussion where I can be of help and would commit and maintain a solution that is considered waterproofed by a substancial group of security-knowledgable people. I would also consider removing this switch as long as it's security gain is questionable. -:---F1 foo (Text Fill)--L1--All--------------------------------- http://www.freebsd.org/cgi/query-pr.cgi?pr=19946 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200009120648.XAA49641>