Subject: Re: BSD Authentication
To: Charles Blundell <cb@kittenz.org>
From: Bill Studenmund <wrstuden@netbsd.org>
List: current-users
Date: 09/02/2003 10:47:08
On Fri, 29 Aug 2003, Charles Blundell wrote:
> on Fri, Aug 29, 2003 at 11:14:50AM +0100, Dr R.S. Brooks wrote:
> > environments that is not acceptable. If the AFS credential is held as
> > part of a process's kernel state (and is only available to the pid which
> > originally obtained the credential and its decendents), then it's rather more
> > difficult for root to impersonate another user (you have to frob kernel
> > data structures rather than just su'ing to the user).
>
> You could probably just use ptrace(2) to impersonate another user
> with the AFS credentials in the kernel, I think?
You can use ptrace(2) to commit just about any evil. If we actually add a
form of kernel cache, we may add a way for the kernel to require some sort
of credential to let you do a ptrace(2). Another option would be to
disable ptrace(2) via sysctl. I'm not sure if we can do this now.
Take care,
Bill