tcpdump mailing list archives

Re: OpenBSD work on Tcpdump privilege separation


From: Pekka Savola <pekkas () netcore fi>
Date: Wed, 25 Feb 2004 21:36:02 +0200 (EET)

On Wed, 25 Feb 2004, Rodrigo Rubira Branco wrote:
Simply calling setuid(getuid()) isn't sufficient, because if an attacker 
discovers a buffer overflow, it is possible for him to insert a call to setuid in 
his shellcode and gain root privileges.

Hmm.. I'm not sure if I understand what you're referring to?  Could 
you elaborate + provide a patch or description of the "proper" means?

It is assumed that the attacker would only be able to insert shellcode 
or exploit the system after the privileges have been dropped -- not 
before that.

Note that setuid(getuid()) is only done if the binary is setuid root.  
For a regular binary, you'll setuid to the specific account.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
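What a permanent drop looks like, and how to confirm that the concern raised in the thread (injected code calling setuid after the drop) does not apply, as an added C example that is not from this thread or from tcpdump's own source. It drops supplementary groups, gid and uid in that order, then checks that setuid(0) is refused with EPERM, which is only true when the saved uid was changed too (setuid() does this when called as root; seteuid() alone does not). The target ids here are the process's own real ids, an assumption made for demonstration.

```c
/* Added example, not tcpdump code: permanent privilege drop plus a
 * self-check that the drop cannot be undone from inside the process. */
#include <sys/types.h>
#include <unistd.h>
#include <grp.h>
#include <errno.h>
#include <stdio.h>

/* Permanently drop to uid/gid. Order matters: supplementary groups and
 * the gid must go first, while we are still root and allowed to change
 * them. Returns 0 on success, -1 (errno set) on failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* setgroups() needs root; skip it when the process is not root. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    /* setuid(), unlike seteuid(), changes real, effective and saved uid
     * when called as root, so there is no saved root uid to return to. */
    if (setuid(uid) != 0)
        return -1;
    /* Confirm the kernel agrees with what we asked for. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

/* Returns 1 if the process can still become root (drop was temporary or
 * never happened), 0 if setuid(0) is refused with EPERM. */
int can_regain_root(void)
{
    if (geteuid() == 0)
        return 1;               /* still root: nothing was dropped */
    errno = 0;
    if (setuid(0) == 0)
        return 1;               /* saved uid was still 0: reversible drop */
    return errno == EPERM ? 0 : 1;
}

int main(void)
{
    /* Assumption for the demo: drop to our own real ids. A setuid-root
     * tool would instead use the unprivileged account it was built for. */
    if (drop_privileges(getuid(), getgid()) != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("uid=%u euid=%u regainable=%d\n",
           (unsigned)getuid(), (unsigned)geteuid(), can_regain_root());
    return can_regain_root() ? 1 : 0;
}
```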
