*BSD News Article 94081


Return to BSD News archive

Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!cpk-news-hub1.bbnplanet.com!news.bbnplanet.com!ais.net!uunet!in3.uu.net!206.109.2.48!bonkers!web.nmti.com!peter
From: peter@nmti.com (Peter da Silva)
Newsgroups: comp.unix.bsd.bsdi.misc,comp.unix.bsd.misc,comp.security.unix
Subject: Re: *BSD* Security WWW/Mailing List?
Date: 21 Apr 1997 19:41:32 GMT
Organization: Network/development platform support, NMTI
Lines: 24
Message-ID: <5jgftc$3so@web.nmti.com>
References: <3356E1CC.299E@softway.com.au> <slrn5li6bf.rjd.tqbf@char-star.rdist.org> <5jd1jt$m30@web.nmti.com> <slrn5ll06k.kd3.tqbf@char-star.rdist.org>
NNTP-Posting-Host: sonic.nmti.com
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.bsdi.misc:6705 comp.unix.bsd.misc:3045 comp.security.unix:33814


In article <slrn5ll06k.kd3.tqbf@char-star.rdist.org>,
Thomas H. Ptacek <tqbf@enteract.com> wrote:
> 20 Apr 1997 12:19:09 GMT peter@nmti.com:
> >> FreeBSD is also the first operating system in the history of Unix to have
> >> a published security vulnerability in crt0 start(). =)
> >The others just haven't admitted it?

> None of the other BSD's have had one. =)

You sure? All the "LD_LIBRARY_PATH" attacks on login via telnetd are the
same chunk of code. They got fixed by making telnetd more paranoid, but
they certainly qualify. And SunOS is definitely BSD. Or should I say "was"
(I've still got some SunOS 4.x boxen here)?

It's my humble opinion that unless absolutely necessary no program running
with root privileges that users can feed stuff into from its parent process
should be dynamically linked.

That includes anything setuid, and anything run as root by a daemon.
-- 
           The Reverend Peter da Silva, ULC, COQO, BOFH, KIBO.

Har du kramat din varg, idag? `-_-'                            Vi er alle Kibo.
                                                            Wir alle sind Kibo.