Subject: Re: setbuf() in hostalias()
To: None <tech-net@netbsd.org>
From: Jason R Thorpe <thorpej@zembu.com>
List: tech-net
Date: 04/25/2000 23:44:00

On Wed, Apr 26, 2000 at 02:55:49PM +0900, itojun@iijlab.net wrote:
> >this setbuf() is only needed on systems where setuid-root binaries
> >are willing to dump core when run by non-root euid's. otherwise,
> >the stdio buffer could have data from normally-unreadable files.
> >(sendmail on sunos was the proximate cause of this pain, with a
> >"setenv HOSTALIAS /etc/shadow" as the disease vector.)
>
> I see, should we put something like this then? or is NetBSD always
> safe? (we may need some comment at least)
>
> 	if (getuid() != geteuid() || getgid() != getegid())
> 		setbuf(fp, NULL);

I believe NetBSD is safe. From sys/kern/kern_sig.c:coredump():

	/*
	 * Make sure the process has not set-id, to prevent data leaks.
	 */
	if (p->p_flag & P_SUGID)
		return (EPERM);

--
-- Jason R. Thorpe <thorpej@zembu.com>
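
The guard proposed in the quoted message, placed in a simplified alias-file lookup. This is an added example, not code from the thread or from NetBSD's resolver. The function alias_lookup, its force_unbuffered parameter, the "alias realname" line format and the sample file name are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <unistd.h>

/* The test proposed in the thread: real and effective ids differ. */
static int running_setid(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Hypothetical, simplified lookup (not the resolver's hostalias()).
 * Assumed file format: one "alias realname" pair per line.
 * Returns 1 on a match (out filled), 0 on no match, -1 if unreadable.
 * force_unbuffered lets a caller exercise the guarded path without set-id. */
int alias_lookup(const char *path, const char *name, char *out, size_t outlen,
                 int force_unbuffered)
{
    char line[256], alias[128], real[128];
    int found = 0;
    FILE *fp = fopen(path, "r");

    if (fp == NULL)
        return -1;
    /* Unbuffered: stdio holds no block-sized copy of the file's contents. */
    if (force_unbuffered || running_setid())
        setbuf(fp, NULL);
    while (!found && fgets(line, sizeof(line), fp) != NULL)
        if (sscanf(line, "%127s %127s", alias, real) == 2 &&
            strcasecmp(alias, name) == 0) {
            snprintf(out, outlen, "%s", real);
            found = 1;
        }
    fclose(fp);
    return found;
}

int main(void)
{
    char out[128];
    FILE *t = fopen("hostaliases.sample", "w"); /* constructed sample input */
    if (t == NULL)
        return 1;
    fputs("mail mail.example.org\nwww web.example.org\n", t);
    fclose(t);
    if (alias_lookup("hostaliases.sample", "www", out, sizeof(out), 1) == 1)
        printf("www -> %s\n", out);
    remove("hostaliases.sample");
    return 0;
}
```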