Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4)

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Joerg Czeranski: "Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4)"
• Previous message: Scott Barman: "Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4)"
• In reply to: James W. Abendschan: "Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4)"
• Next in thread: don@paranoia.com: "Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4)"

On Wed, 12 Jul 1995, James W. Abendschan wrote:

> Maybe I'm completely missing the point, but wouldn't this help?
>
>         linux# chown root.kmem /proc
>         linux# chmod 750 /proc
>
> And then sgid kmem all the binaries that need /proc access:
>
>         linux# chown root.kmem `which w` `which ps` `which top` (etc)
>         linux# chmod 2755 `which w` `which ps` `which top` (etc)
>
> This restricts ordinary users from wandering around in /proc, and
> thus being able to access the "unclosed" files.
>

You are. The whole point of /proc is not only make things like ps, w, etc
not to have to go looking into the kernel memeory but also to allow
people easy access to information trough /proc. If we make it group
kmem we might as well dump it and keep doing it the old way.

/proc is a "Good Thing(tm)" just need to figure out the right perms
for the right files.

> James
>
> --
> James Abendschan               jwa@nbs.nau.edu            Will Hack For Food
>             <a href="http://www.nbs.nau.edu/~jwa">Zero Funk Kick</a>
>

• Next message: Joerg Czeranski: "Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4)"
• Previous message: Scott Barman: "Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4)"
• In reply to: James W. Abendschan: "Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4)"
• Next in thread: don@paranoia.com: "Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4)"