Subject: Re: Addition to force open to open only regular files
To: NetBSD Kernel Technical Discussion List <tech-kern@NetBSD.ORG>
From: Greg A. Woods <woods@weird.com>
List: tech-kern
Date: 11/30/2000 21:48:30
[ On Thursday, November 30, 2000 at 23:45:54 (+0100), Ignatios Souvatzis wrote: ]
> Subject: Re: Addition to force open to open only regular files
>
> On Thu, Nov 30, 2000 at 05:31:35PM -0500, Greg A. Woods wrote:
> > Well, yeah, but if you can get control over your own original UID, then
> > exactly what have you gained?
> 
> Think "email reader".
> 
> If a student can send my boss an email that will cause his email
> reader to execute the student's code, he can gain access to my boss's
> data. Say, a LaTeX file with next week's test.
> 
> Not good.

No, not good at all, but also not in any way related to any set-ID
issues (unless of course the mailer is running set-ID, which of course
is a pretty brain-dead thing to do these days!).  That's just a case of
sanitizing normal user-provided data before acting upon it --
i.e. robust programming.  Of course there's only so much you can do and
so far you can go to protect a user from himself or herself -- if the
mailer has a feature that allows the message body to be piped to a
program, and the user chooses /bin/sh or some such similarly capable
interpreter as the program to pipe it to, then too bad for them.  About
the best you can do is warn them if the program happens to be listed in
/etc/shells or something silly like that and give them a second chance
to re-consider their apparently dangerous action.

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
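The "warn if the program is listed in /etc/shells" check from the message above, as an added example that is not part of the original thread or of any NetBSD code. It parses /etc/shells-style text (one absolute path per line, blank lines and lines beginning with '#' ignored) against a constructed sample embedded inline rather than the live file, and the `needs_confirmation` policy is a hypothetical mail-reader rule, not anything a real mailer implements.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Constructed sample of /etc/shells contents (not read from the running system).
 * Deliberately includes a comment line, a blank line and stray whitespace. */
static const char sample_shells[] =
    "# /etc/shells: valid login shells (constructed sample)\n"
    "/bin/sh\n"
    "/bin/csh\n"
    "   /bin/ksh   \n"
    "\n"
    "/usr/pkg/bin/bash\n";

/* Return 1 if `prog` is exactly one of the entries in the /etc/shells-style
 * text `shells`, 0 otherwise.  Blank lines and lines whose first non-blank
 * character is '#' are skipped; surrounding whitespace is ignored. */
int listed_in_shells(const char *prog, const char *shells)
{
    const char *line = shells;
    size_t proglen = strlen(prog);

    while (*line) {
        const char *end = strchr(line, '\n');
        size_t len = end ? (size_t)(end - line) : strlen(line);
        const char *s = line;

        /* trim leading and trailing whitespace */
        while (len > 0 && isspace((unsigned char)*s)) { s++; len--; }
        while (len > 0 && isspace((unsigned char)s[len - 1])) len--;

        /* skip comments and blank lines, then compare the whole entry */
        if (len > 0 && *s != '#' && len == proglen && memcmp(prog, s, len) == 0)
            return 1;

        if (!end)
            break;
        line = end + 1;
    }
    return 0;
}

/* Hypothetical mail-reader policy: a "pipe message to program" request
 * gets a second-chance prompt when the chosen program is a login shell,
 * since any shell will happily run whatever the message body contains. */
int needs_confirmation(const char *prog, const char *shells)
{
    return listed_in_shells(prog, shells);
}

int main(void)
{
    const char *choices[] = { "/bin/sh", "/usr/bin/less", "/bin/ksh", "/bin" };
    size_t i;

    for (i = 0; i < sizeof(choices) / sizeof(choices[0]); i++)
        printf("%-16s %s\n", choices[i],
               needs_confirmation(choices[i], sample_shells)
                   ? "warn: program is listed in /etc/shells"
                   : "ok");
    return 0;
}
```

On a real system the text would come from reading /etc/shells (or from getusershell(3)); the comparison is on the exact path string, so a relative name or a prefix such as "/bin" does not match, which is the intent of a listed-shell check rather than a general "is this an interpreter" heuristic.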