*BSD News Article 94402



Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.rmit.EDU.AU!news.unimelb.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!news.ysu.edu!news.radio.cz!newsbastard.radio.cz!news.radio.cz!CESspool!news.maxwell.syr.edu!cpk-news-hub1.bbnplanet.com!news.bbnplanet.com!feed1.news.erols.com!news.enteract.com!newsfeed.enteract.com!tqbf
From: tqbf@char-star.rdist.org (Thomas H. Ptacek)
Newsgroups: comp.unix.bsd.bsdi.misc,comp.unix.bsd.misc,comp.security.unix
Subject: Re: *BSD* Security WWW/Mailing List?
Date: 25 Apr 1997 04:39:11 GMT
Organization: EnterAct, L.L.C.
Lines: 37
Message-ID: <slrn5m0dbf.jsb.tqbf@char-star.rdist.org>
References: <3356E1CC.299E@softway.com.au> <slrn5lpvmq.1hm.tqbf@char-star.rdist.org> <5jlr60$f7d@web.nmti.com> <slrn5ltb2l.br4.tqbf@char-star.rdist.org> <5jo5m4$f9v@web.nmti.com>
Reply-To: tqbf@enteract.com
NNTP-Posting-Host: char-star.rdist.org
X-Newsreader: slrn (0.9.1.1 BETA UNIX)
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.bsdi.misc:6751 comp.unix.bsd.misc:3089 comp.security.unix:34003


24 Apr 1997 17:36:04 GMT peter@nmti.com:

[ re: holes in dynamic linkers vs C runtime holes ]
>The difference is too subtle for my tiny brain to perceive.

Reverend da Silva, there's a simple, significant difference. A hole in
start() on FreeBSD is a hole in every C program on the system. A hole in
the dynamic linking process is a hole only in dynamically linked
programs. What's so subtle about this?

Every SUID program on my system is statically linked, and I am still
vulnerable to security problems in the runtime support!

>> EUID checks within library routines are a bad idea. It would help if

>What sort of mechanism are you thinking of? I don't know any conventional

OpenBSD has a simple, effective solution to this problem; when execve()
changes the effective UID/GID due to a SUID/SGID bit on an executable, it
sets a process table flag. They then have a system call that returns the
value of this flag, called "issetugid".

Nothing the application-level code can do will cause this test to return
false when the program is SUID. This is not the case for runtime UID/EUID
checks.

>even an authoritative mechanism for finding out what program you are! All
>you can do is look at your current UIDs.

This is an inadequacy of the kernel, not a fact of life.

-- 
----------------
Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf@enteract.com]
----------------
exit(main(kfp->kargc, argv, environ));
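The check Ptacek describes, as an added example that is not part of the original post: a library helper that decides whether it may trust its environment first the way the post criticises (comparing the real and effective IDs at call time) and then through the flag the kernel records at execve(). On the BSDs that flag is read with issetugid(); on Linux the equivalent is the AT_SECURE auxiliary-vector entry read with getauxval(), which is an assumption of this example rather than anything the post mentions. The credential history of the set-uid-root program below is constructed, not taken from a real process.

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#if defined(__linux__)
#include <sys/auxv.h>   /* getauxval(AT_SECURE): Linux counterpart to issetugid() (assumption) */
#endif

/* The runtime check the post argues against: compare the credentials the
 * process holds at the moment of the call. Kept pure so any (real, effective)
 * pair can be fed in. */
int tainted_by_uid_compare(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return (ruid != euid) || (rgid != egid);
}

/* The kernel-backed check. execve() records that a set-id transition took
 * place and nothing the process does afterwards (setuid(), seteuid(),
 * setgid()) clears that record. issetugid() is the OpenBSD interface named in
 * the post; getauxval(AT_SECURE) is the Linux equivalent. */
int tainted_by_kernel_flag(void)
{
#if defined(__linux__)
    return getauxval(AT_SECURE) != 0;
#elif defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__NetBSD__) || \
      defined(__DragonFly__) || defined(__APPLE__)
    return issetugid() != 0;
#else
    /* Assumption: no kernel flag on this platform; fall back to the weak check. */
    return tainted_by_uid_compare(getuid(), geteuid(), getgid(), getegid());
#endif
}

/* What a library routine should do with an environment variable that steers
 * file access or code loading (config path, log file, plugin directory):
 * refuse it outright when the kernel says the process is set-id. */
const char *env_if_untainted(const char *name)
{
    if (tainted_by_kernel_flag())
        return NULL;
    return getenv(name);
}

/* Constructed credential history (not a real process) of a set-uid-root
 * binary run by an unprivileged user that drops back to its invoker with
 * setuid(getuid()) before calling into a library. */
struct creds {
    uid_t ruid, euid;
    gid_t rgid, egid;
    int   kernel_flag;  /* what issetugid()/AT_SECURE would report */
};

struct creds after_execve_of_setuid_root(uid_t invoker, gid_t invoker_gid)
{
    struct creds c = { invoker, 0, invoker_gid, invoker_gid, 1 };
    return c;
}

struct creds after_setuid_to_invoker(struct creds c)
{
    c.euid = c.ruid;    /* setuid(getuid()) from euid 0 sets every uid to the invoker */
    return c;           /* kernel_flag deliberately untouched: only execve() changes it */
}

int main(void)
{
    struct creds c = after_setuid_to_invoker(after_execve_of_setuid_root(1000, 1000));
    printf("after setuid(getuid()): uid-compare says tainted=%d, kernel flag says tainted=%d\n",
           tainted_by_uid_compare(c.ruid, c.euid, c.rgid, c.egid), c.kernel_flag);
    printf("this process: kernel flag=%d, HOME via env_if_untainted=%s\n",
           tainted_by_kernel_flag(),
           env_if_untainted("HOME") ? env_if_untainted("HOME") : "(refused or unset)");
    return 0;
}
```

The simulated run is the case the post has in mind: once the program has called setuid(getuid()), the uid comparison reports "not set-id" while the kernel flag still reports the exec-time transition, so a library that keys its env-var handling off the comparison re-enables exactly the behaviour it meant to suppress.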