*BSD News Article 94673



Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!news.enteract.com!newsfeed.enteract.com!tqbf
From: tqbf@char-star.rdist.org (Thomas H. Ptacek)
Newsgroups: comp.unix.bsd.bsdi.misc,comp.unix.bsd.misc,comp.security.unix
Subject: Re: *BSD* Security WWW/Mailing List?
Date: 29 Apr 1997 12:39:50 GMT
Organization: EnterAct, L.L.C.
Lines: 34
Message-ID: <slrn5mbr0m.lhc.tqbf@char-star.rdist.org>
References: <3356E1CC.299E@softway.com.au> <slrn5ll06k.kd3.tqbf@char-star.rdist.org> <5jhur6$51u@innocence.interface-business.de> <slrn5lpvmq.1hm.tqbf@char-star.rdist.org> <5jlr60$f7d@web.nmti.com> <slrn5ltb2l.br4.tqbf@char-star.rdist.org> <5jo5m4$f9v@web.nmti.com> <slrn5m0dbf.jsb.tqbf@char-star.rdist.org> <5jqtkh$mmo@web.nmti.com> <slrn5m22vo.gfb.tqbf@char-star.rdist.org> <5k24qf$mr0@innocence.interface-business.de> <slrn5m9b2n.6le.tqbf@char-star.rdist.org> <DERAADT.97Apr28111834@zeus.pacifier.com>
Reply-To: tqbf@enteract.com
NNTP-Posting-Host: char-star.rdist.org
X-Newsreader: slrn (0.9.1.1 BETA UNIX)
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.bsdi.misc:6782 comp.unix.bsd.misc:3114 comp.security.unix:34118


28 Apr 1997 17:18:34 GMT deraadt@theos.com:
>   Yay!
>And they changed the semantics.

The calling convention for issetugid() is identical in OpenBSD and
FreeBSD; they even use the same system call number. The difference between
OpenBSD and FreeBSD is documented explicitly in the source code.

FreeBSD and OpenBSD implement the mechanics of the system call
identically. Both use a proc structure flag that gets set in execve() if
the file being executed is set[ug]id. In both FreeBSD and OpenBSD, this
flag is only unset in execve(), when executing non-set[ug]id code.

I would, incidentally, like to know why this is (why is the flag ever
unset?).

The difference is that OpenBSD creates a new process flag explicitly to
support issetugid(), and FreeBSD uses P_SUGID. The P_SUGID flag is set not
only when executing set[ug]id code, but also any time credentials are
changed explicitly.

I think this is a good idea. I also think that issetugid() really should
be "isprivileged()", and that the more things that set the privilege
flags, the better. I am, however, not a full-time kernel developer, and
few of us have the same level of experience fixing security problems as
the OpenBSD development team, so I'd like to know what you think the issue
here is.

-- 
----------------
Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf@enteract.com]
----------------
exit(main(kfp->kargc, argv, environ));
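
The flag behaviour described in the post above, as an added user-space model in C; it is not part of the original article and is not kernel source from FreeBSD or OpenBSD. P_SUGID is the name given in the post; M_SUGID, M_EXEC_ONLY, the struct and the function names are hypothetical stand-ins.

```c
#include <stdbool.h>
#include <stdio.h>

/* Model-only names: M_SUGID plays the role of P_SUGID from the post;
 * M_EXEC_ONLY is a hypothetical stand-in for OpenBSD's dedicated flag. */
enum { M_SUGID = 0x1, M_EXEC_ONLY = 0x2 };
enum variant { FREEBSD_MODEL, OPENBSD_MODEL };
struct model_proc { unsigned flags; };

/* execve(): a set[ug]id image sets both flags; any other image clears them. */
static void model_execve(struct model_proc *p, bool setugid_image)
{
    if (setugid_image)
        p->flags |= M_SUGID | M_EXEC_ONLY;
    else
        p->flags &= ~(unsigned)(M_SUGID | M_EXEC_ONLY);
}

/* Explicit credential change: only the P_SUGID-style flag is set. */
static void model_cred_change(struct model_proc *p)
{
    p->flags |= M_SUGID;
}

/* issetugid(): FreeBSD model tests M_SUGID, OpenBSD model tests M_EXEC_ONLY. */
static int model_issetugid(const struct model_proc *p, enum variant v)
{
    return (p->flags & (v == FREEBSD_MODEL ? M_SUGID : M_EXEC_ONLY)) != 0;
}

/* Replay one process history and report what issetugid() would return. */
static int replay(enum variant v, bool setugid_image, bool cred_change, bool plain_exec_after)
{
    struct model_proc p = { 0 };
    model_execve(&p, setugid_image);
    if (cred_change)
        model_cred_change(&p);
    if (plain_exec_after)
        model_execve(&p, false);
    return model_issetugid(&p, v);
}

int main(void)
{
    printf("plain exec, then credential change: FreeBSD=%d OpenBSD=%d\n",
           replay(FREEBSD_MODEL, false, true, false), replay(OPENBSD_MODEL, false, true, false));
    printf("set[ug]id exec: FreeBSD=%d OpenBSD=%d\n",
           replay(FREEBSD_MODEL, true, false, false), replay(OPENBSD_MODEL, true, false, false));
    return 0;
}
```

The two models disagree only for a process that changed credentials without having executed a set[ug]id image; in both, a later execve() of a non-set[ug]id image clears the answer.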