Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!news.maxwell.syr.edu!cs.utexas.edu!natinst.com!news-relay.us.dell.com!gater3.sematech.org!news2.amd.com!uuneo.neosoft.com!web.nmti.com!peter From: peter@nmti.com (Peter da Silva) Newsgroups: comp.unix.bsd.bsdi.misc,comp.unix.bsd.misc,comp.security.unix Subject: Re: *BSD* Security WWW/Mailing List? Date: 28 Apr 1997 16:26:13 GMT Organization: Network/development platform support, NMTI Lines: 22 Message-ID: <5k2j35$4mf@web.nmti.com> References: <3356E1CC.299E@softway.com.au> <slrn5m0dbf.jsb.tqbf@char-star.rdist.org> <5jqtkh$mmo@web.nmti.com> <slrn5m22vo.gfb.tqbf@char-star.rdist.org> NNTP-Posting-Host: sonic.nmti.com X-No-Archive: yes Xref: euryale.cc.adfa.oz.au comp.unix.bsd.bsdi.misc:6778 comp.unix.bsd.misc:3109 comp.security.unix:34107 In article <slrn5m22vo.gfb.tqbf@char-star.rdist.org>, Thomas H. Ptacek <tqbf@enteract.com> wrote: > The process flag is inherited. Hmmm. That's not so good, especially if you set it in inetd (either by making it setuid or by having inetd call secureprocess()) because then all processes started from telnetd will have the flag set, which means that pretty much everything not started directly from rc will have the flag set, so the flag will be so diluted to be meaningless. You'd have to give login the ability to clear it, I think, like login can set luid. As it is, it's useful info but I don't think it means you don't have to look at euid to tell if you're really safe doing magic before main(). -- The Reverend Peter da Silva, ULC, COQO, BOFH, KIBO. Har du kramat din varg, idag? `-_-' Vi er alle Kibo. Wir sind alle Kibo.