Subject: Re: setbuf() in hostalias()
To: None <tech-net@netbsd.org>
From: Brian Somers <brian@Awfulhak.org>
List: tech-net
Date: 04/26/2000 14:54:27
> On Wed, Apr 26, 2000 at 02:55:49PM +0900, itojun@iijlab.net wrote:
>
> > >this setbuf() is only needed on systems where setuid-root binaries
> > >are willing to dump core when run by non-root euid's. otherwise,
> > >the stdio buffer could have data from normally-unreadable files.
> > >(sendmail on sunos was the proximate cause of this pain, with a
> > >"setenv HOSTALIAS /etc/shadow" as the disease vector.)
> >
> > I see, should we put something like this then? or is NetBSD always
> > safe? (we may need some comment at least)
> >
> > 	if (getuid() != geteuid() || getgid() != getegid())
> > 		setbuf(fp, NULL);
>
> I believe NetBSD is safe. From sys/kern/kern_sig.c:coredump():

HOSTALIASES is ignored for issetugid() processes in FreeBSD, but not
in NetBSD or OpenBSD. Perhaps this might be the right place to block
things?

> /*
> * Make sure the process has not set-id, to prevent data leaks.
> */
> if (p->p_flag & P_SUGID)
> return (EPERM);
>
> --
> -- Jason R. Thorpe <thorpej@zembu.com>
--
Brian <brian@Awfulhak.org> <brian@[uk.]FreeBSD.org>
<http://www.Awfulhak.org> <brian@[uk.]OpenBSD.org>
Don't _EVER_ lose your sense of humour !
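
As an added illustration of the two safeguards discussed in this thread (not code from the message or from any BSD libc): a C sketch that ignores an environment-named alias file when real and effective ids differ, and otherwise reads it through an unbuffered stream. The names `alias_lookup`, `demo` and `demo_out` and the sample alias line are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <strings.h>
#include <unistd.h>

/* Hypothetical helper, not libc's: look up `name` in alias file `path`. */
static int alias_lookup(const char *path, const char *name, int elevated,
                        char *out, size_t outlen)
{
    char line[256], key[128], val[128];
    FILE *fp;
    int rc = -1;
    /* set-id: never open a file the caller named through the environment */
    if (path == NULL || elevated || (fp = fopen(path, "r")) == NULL)
        return -1;
    setbuf(fp, NULL);   /* stdio keeps no block of file data */
    while (rc != 0 && fgets(line, sizeof(line), fp) != NULL)
        if (sscanf(line, "%127s %127s", key, val) == 2 &&
            strcasecmp(key, name) == 0 &&
            snprintf(out, outlen, "%s", val) < (int)outlen)
            rc = 0;
    fclose(fp);
    return rc;
}

/* Constructed sample: write a one-line alias file, then look up "mail". */
static char demo_out[64];
static int demo(int elevated)
{
    char path[] = "/tmp/hostaliases.XXXXXX";
    int fd = mkstemp(path), rc;
    if (fd < 0)
        return -2;
    dprintf(fd, "mail mail.example.org\n");
    close(fd);
    demo_out[0] = '\0';
    rc = alias_lookup(path, "mail", elevated, demo_out, sizeof(demo_out));
    unlink(path);
    return rc;
}

int main(void)
{
    /* the check from the quoted snippet; BSDs also offer issetugid() */
    int rc = demo(getuid() != geteuid() || getgid() != getegid());
    printf("rc=%d host=%s\n", rc, demo_out);
    return 0;
}
```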