Subject: Re: bin/12740: fstat allows an unprivileged user to see open files belonging to other users
To: None <gnats-bugs@gnats.netbsd.org (NetBSD GNATS submissions and\>
From: Anne Bennett <anne@alcor.concordia.ca>
List: netbsd-bugs
Date: 04/24/2001 15:00:31

Greg A. Woods <woods@weird.com> writes in response to my PR:
>>> Synopsis: fstat allows an unprivileged user to see open files
>>> belonging to other users
>>> Class: sw-bug
>
> That's *NOT* a bug. Maybe it could have been a change-request,
I have no objection to it being a change request instead of a bug
report. My apologies for being presumptuous.
> but then it should have come with changes that made such a restriction a
> non-default option!
>
> Same goes for pkg/12741
Well, the idea was to make it more restricted by default, leaving the
sysadmin the option to unrestrict it if desired. I am very happy to
see that NetBSD is now shipping "closed by default" in the areas of
network services, and I assumed that we would want to move in the same
direction in other areas as well.
> and all the silly discussion about restricting ps.
I'm afraid I managed to miss the "silly discussion" about restricting
ps; I imagine I would find it interesting and not silly, though.
Striking a balance between security and convenience is always
difficult and often controversial. :-(
> Remember, you're using a Unix-based system, not some fabled A1-secure system!
I am well aware of the type of system I am using.
> Unix-based systems create communities, not discourage them!
Much as I find myself curious to know how you see restricting the
"list open files" functions as inimical to community-building, I can
see that I have stumbled into a religious war here, and that
discussion might be a waste of time.
Thanks to the wonders of open source, I have already recompiled lsof
with the (IMHO) appropriate security options, and have simply disabled
fstat on my system for now.
> BTW, your mailer is probably broken too. The mail headers on your PR
> appeared as:
>
> From: Anne@netbsd.org, Bennett@netbsd.org
> Reply-To: Anne@netbsd.org, Bennett@netbsd.org
>
> which tends to indicate that your mailer failed to qualify the addresses
> in those fields as it is required to do.
My mailer is in fact configured correctly, but it was not used to send
the PR in question; rather I used the web form on the www.netbsd.org
site. I'm a bit puzzled that this wasn't clear from the message headers.
Anne.
--
Ms. Anne Bennett, Senior Analyst, IITS, Concordia University, Montreal H3G 1M8
anne@alcor.concordia.ca +1 514 848-7606