Subject: Re: setbuf() in hostalias()
To: None <firstname.lastname@example.org>
From: Brian Somers <brian@Awfulhak.org>
Date: 04/26/2000 14:54:27
> On Wed, Apr 26, 2000 at 02:55:49PM +0900, email@example.com wrote:
> > >this setbuf() is only needed on systems where setuid-root binaries
> > >are willing to dump core when run by non-root euid's. otherwise,
> > >the stdio buffer could have data from normally-unreadable files.
> > >(sendmail on sunos was the proximate cause of this pain, with a
> > >"setenv HOSTALIAS /etc/shadow" as the disease vector.)
> > I see, should we put something like this then? or is NetBSD always
> > safe? (we may need some comment at least)
> >     if (getuid() != geteuid() || getgid() != getegid())
> >         setbuf(fp, NULL);
> I believe NetBSD is safe. From sys/kern/kern_sig.c:coredump():

HOSTALIASES is ignored for issetugid() processes in FreeBSD, but not
in NetBSD or OpenBSD. Perhaps this might be the right place to block

> * Make sure the process has not set-id, to prevent data leaks.
> if (p->p_flag & P_SUGID)
>     return (EPERM);
> -- Jason R. Thorpe <firstname.lastname@example.org>
Brian <brian@Awfulhak.org> <brian@[uk.]FreeBSD.org>
Don't _EVER_ lose your sense of humour !
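
The two defences discussed in this thread, combined in one lookup routine. This is an added example, not part of the original message and not code from any BSD resolver. The names hostalias_lookup() and process_is_setid() and the setid parameter are hypothetical, and the "alias target" line format of the file is assumed.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <unistd.h>

/* Stand-in for issetugid(): the uid/gid comparison quoted in the thread.
 * It misses a process that changed ids after exec, which issetugid()
 * on the BSDs does catch, so prefer issetugid() where it exists. */
static int process_is_setid(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Hypothetical helper: find `name` in the file named by $HOSTALIASES.
 * Returns 1 and fills `out` on a match, 0 otherwise. `setid` is a
 * parameter so both branches can be exercised without a set-id binary. */
int hostalias_lookup(const char *name, int setid, char *out, size_t outlen)
{
    const char *path;
    char line[1024], alias[256], target[256];
    FILE *fp;
    int found = 0;

    if (setid)          /* first defence: ignore the variable when set-id */
        return 0;
    if ((path = getenv("HOSTALIASES")) == NULL)
        return 0;
    if ((fp = fopen(path, "r")) == NULL)
        return 0;
    setbuf(fp, NULL);   /* second defence: no stdio buffer of file data */

    while (!found && fgets(line, sizeof line, fp) != NULL) {
        if (sscanf(line, "%255s %255s", alias, target) == 2 &&
            strcasecmp(alias, name) == 0 && strlen(target) < outlen) {
            strcpy(out, target);    /* length checked just above */
            found = 1;
        }
    }
    fclose(fp);
    return found;
}

/* Entry point a resolver would call: decides set-id status itself. */
int hostalias(const char *name, char *out, size_t outlen)
{
    return hostalias_lookup(name, process_is_setid(), out, outlen);
}
```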