Subject: Re: NetBSD Security Advisory 2000-001
To: Chris G. Demetriou <cgd@netbsd.org>
From: Soren S. Jorvang <soren@wheel.dk>
List: tech-security
Date: 02/16/2000 04:50:17
Date: Wed, 16 Feb 2000 04:50:17 +0100
Cc: tech-security@netbsd.org
Message-ID: <20000216045017.A21387@gnyf.wheel.dk>
References: <14505.23693.773699.404104@passion.geek.com.au> <x6zot2w3h2.fsf@reddwarf.rightnowtech.com> <20000215230900.A6739@antioche.lip6.fr> <x6itzqw0di.fsf@reddwarf.rightnowtech.com> <20000215235049.A6841@antioche.lip6.fr> <20000215235639.B18825@gnyf.wheel.dk> <87g0utgb84.fsf@redmail.netbsd.org> <20000216031307.A20476@gnyf.wheel.dk> <873dqtg9g0.fsf@redmail.netbsd.org>
In-Reply-To: <873dqtg9g0.fsf@redmail.netbsd.org>; from cgd@netbsd.org on Tue, Feb 15, 2000 at 06:36:31PM -0800

On Tue, Feb 15, 2000 at 06:36:31PM -0800, Chris G. Demetriou wrote:
> I think on this grounds (which is _not_ what I got from your previous

That is what I thought Manuel wanted and I agreed fully.

> > Somewhat like 1777 /tmp, user mounts break a number of assumptions
> > and while some of those assumptions may even be unreasonable, it's
> > best to err on the side of caution.
> 
> What kinds of assumptions are you talking about?  (surely, to make
> this claim you must have some in mind!)

What mostly worries me is that it is hard to be sure that we
have thought of everything :-)

(There is also the problem that filesystem writers must have
considered everything before the code is configured in GENERIC,
which I think is a bit unreasonable; user mounts wouldn't be less
of a problem if you specify which ones could be user mounted.)

All security problems that I can think of are taken care of by
things like noexec.

The biggest known problem is the annoyance caused by things like
filesystems mounted on removable media that's no longer there.

> There are definitely some interesting issues that need to be thought
> about when adding this type of feature.  My list goes something like:


-- 
Soren
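The message above leans on mount restrictions such as noexec to neutralize
what user or removable mounts could otherwise do. The following is an added
example, not code from the NetBSD project or from the thread participants: a
small audit of fstab-style entries that reports which of nosuid, nodev and
noexec are missing on mounts the administrator has declared untrusted. It
assumes the classic six-field fstab layout and the option names nosuid, nodev
and noexec as mount(8) understands them; the device names, mount points and
the UNTRUSTED set are constructed for illustration and are not taken from any
real system.

```python
"""Audit fstab-style mount entries for the nosuid/nodev/noexec restrictions
that the discussion above relies on for user or removable mounts.

Added example, not code from the NetBSD project or the message author.
Assumes the classic six-field fstab layout and the option names nosuid,
nodev and noexec as understood by mount(8); the sample entries below are
constructed for illustration only.
"""

# The three restrictions that close the obvious holes on an untrusted mount:
# no set-id binaries, no device nodes, no direct execution of files.
REQUIRED = frozenset({"nosuid", "nodev", "noexec"})


def parse_fstab(text):
    """Return [(device, mountpoint, fstype, options)] for each non-comment line.

    Only the first four fields matter for this audit; the dump and pass
    fields are ignored.  A line with fewer than four fields is rejected
    rather than silently skipped, so a malformed entry cannot hide a
    missing restriction.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            raise ValueError("malformed fstab line: %r" % raw)
        device, mountpoint, fstype, opts = fields[:4]
        options = frozenset(o for o in opts.split(",") if o)
        entries.append((device, mountpoint, fstype, options))
    return entries


def audit_untrusted_mounts(text, untrusted):
    """Return {mountpoint: sorted list of missing options}.

    `untrusted` is the set of mount points the administrator does not fully
    trust (removable media, anything a non-root user may mount).  Entries
    outside that set are not judged: the root and system filesystems
    legitimately carry set-id binaries and device nodes.
    """
    findings = {}
    for _device, mountpoint, _fstype, options in parse_fstab(text):
        if mountpoint not in untrusted:
            continue
        missing = REQUIRED - options
        if missing:
            findings[mountpoint] = sorted(missing)
    return findings


# Constructed sample; device names follow NetBSD conventions but describe
# no real machine.  /cdrom has none of the restrictions, /floppy lacks
# noexec, /mnt/usb is fully restricted.
SAMPLE_FSTAB = """\
# constructed sample, not a real system's fstab
/dev/wd0a   /        ffs    rw                       1 1
/dev/wd0e   /usr     ffs    rw                       1 2
/dev/cd0a   /cdrom   cd9660 ro                       0 0
/dev/fd0a   /floppy  msdos  rw,nosuid,nodev          0 0
/dev/sd0e   /mnt/usb msdos  rw,nosuid,nodev,noexec   0 0
"""

# Hypothetical policy: these three mount points are treated as untrusted.
UNTRUSTED = {"/cdrom", "/floppy", "/mnt/usb"}


if __name__ == "__main__":
    findings = audit_untrusted_mounts(SAMPLE_FSTAB, UNTRUSTED)
    for mountpoint, missing in sorted(findings.items()):
        print("%s: add %s" % (mountpoint, ",".join(missing)))
```

On the sample input the audit reports /cdrom (missing nodev, noexec and
nosuid) and /floppy (missing noexec) and stays silent on /mnt/usb. The check
only looks at what fstab promises; whether the running kernel actually
enforces those options for a non-root mount is a separate question, which is
the point the thread is arguing about.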