OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
FreeBSD Security Archives: Re: [Fwd: Truth about ssh 1.2.27 vul

Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy]

Cy Schubert - ITSD Open Systems Group (Cy.Schubertuumail.gov.bc.ca)
Tue, 05 Oct 1999 06:48:57 -0700

In message <Pine.LNX.4.05.9910050245560.30830-100000jason.argos.org>,
Mike Now
lin writes:
>
> > owned by root or the UID/EUID of the process. This is what Solar
> > Designer's patches for Linux have done for some time now. It seems to
> > break little (nothing, except POSIX? ;) and is quite effective. SolarD's
>
> Not sure if your comment SAID that it breaks POSIX or not, but in this day
> and age of trying to come up with a standard that people can both believe
> in and rely on, "breaking POSIX" isn't something that should be taken too
> lightly. Although there's a lot of quirks and overall dumbness in POSIX,
> the rules were meant for a reason. I don't claim to be a POSIX expert,
> but if this did break one of the guidelines, it would be a shame to have
> to come back in three or four years and say "Linux and FreeBSD? Well,
> they're sort of POSIX-compliant, but they screwed it up by....."
>
> Maybe there's some other (better) way to solve this problem?

Any justified deviations from POSIX should have a sysctl or login.conf
knob and be documented or even produce a warning when an insecure POSIX
feature is enabled. I think this way we can have our cake and eat it
too.

Regards, Phone: (250)387-8437
Cy Schubert Fax: (250)387-5766
Sun/DEC Team, UNIX Group Internet: Cy.Schubertuumail.gov.bc.ca
ITSD Cy.Schubertgems8.gov.bc.ca
Province of BC
                      "e**(i*pi)+1=0"

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

This archive was generated by hypermail 2.0b3 on Tue Oct 05 1999 - 10:15:07 CDT