Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4)

Lyndon Nerenberg (lyndon@multivac.orthanc.com)
Wed, 12 Jul 1995 23:35:25 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Scott Barman: "Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4)"
Previous message: Casper Dik: "Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4)"
In reply to: James W. Abendschan: "Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4)"
Next in thread: Aleph One: "Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4)"

"James W. Abendschan" writes:

>Maybe I'm completely missing the point, but wouldn't this help?
>
>        linux# chown root.kmem /proc
>        linux# chmod 750 /proc
>
>And then sgid kmem all the binaries that need /proc access:

One of the big reasons for having /proc is to simplify the interface
for debuggers. Doing this means setgid dbx/gdb/adb/...

Wouldn't it be better to have files in /proc export the owner/group/perm
bits of the underlying file (where applicable), with a further restriction
that write access follow the semantics of ptrace(2)? Or perhaps have
/proc/pid/* use the underlying perms, but restrict /proc/pid/fd/* to
being writable only by the current process and the parent as per ptrace(2)?
Of course, write access to /proc/pid/mem effectively bypasses any
additional restrictions placed on /proc/pid/fd/*.

--lyndon

Next message: Scott Barman: "Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4)"
Previous message: Casper Dik: "Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4)"
In reply to: James W. Abendschan: "Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4)"
Next in thread: Aleph One: "Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4)"