Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 23 Apr 2002 10:47:22 -0400
From:      Mike Barcroft <mike@FreeBSD.org>
To:        Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc:        Garrett Wollman <wollman@lcs.mit.edu>, "M. Warner Losh" <imp@village.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/sys/kern kern_descrip.c kern_exec.c src/sys/sys filedesc.h
Message-ID:  <20020423104722.D72727@espresso.q9media.com>
In-Reply-To: <78396.1019545495@critter.freebsd.dk>; from phk@critter.freebsd.dk on Tue, Apr 23, 2002 at 09:04:55AM %2B0200
References:  <20020422160742.B8421@espresso.q9media.com> <78396.1019545495@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help 
Poul-Henning Kamp <phk@critter.freebsd.dk> writes:
> In message <20020422160742.B8421@espresso.q9media.com>, Mike Barcroft writes:
> 
> >I agree that the current solution to this problem is wrong.  I think
> >the most correct solution would be to fix each set[ug]id program to
> >ensure that it has a working set of the basic std{in,out,err}
> >descriptors by making a series of fstat() calls and watching for a
> >EBADF.
> 
> Right, and the best fix to the middle east situation is to make all
> persons living down there like each other.
> 
> Some times the best fix is just not viable...

Doing the base system will be far easier than say changing all
function declarations from K&R to ANSI C.  The 6 line check could
easily be added to a common libc function, and one line function call
added to the main() of every set[ug]id program.  I'm willing to do
develop a patchset over the weekend.

As far as ports go, every port that relies on the standard file
descriptors being open and doesn't check for them, is vulnerable to
this exploit on almost every UNIX-like system including most versions
of FreeBSD.  Security advisories should be released for those ports
and fixes coordinated with the vendors.

Best regards,
Mike Barcroft

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020423104722.D72727>