YAMAMOTO Takashi | 2 May 05:35 2007

disable paxctl for netbsd-4 (Re: segvguard [was: Re: CVS commit: src/sys/sys])

> > No, let's not invent a new ELF phdr type -- we don't control the ELF
> > specification, but we do control the contents of our own PT_NOTE fields.
> 
> from christos, see attached patch. it moves the PaX flags to the netbsd
> PT_NOTE. comments?
> 
> -e.

as there seems to be a consensus that it isn't desirable to use
PF_MASKOS for these, i'd suggest to disable paxctl for netbsd-4 to
avoid future compatibility issues.

YAMAMOTO Takashi

Elad Efrat | 2 May 21:40 2007

Re: disable paxctl for netbsd-4 (Re: segvguard [was: Re: CVS commit: src/sys/sys])

YAMAMOTO Takashi wrote:
>>> No, let's not invent a new ELF phdr type -- we don't control the ELF
>>> specification, but we do control the contents of our own PT_NOTE fields.
>> from christos, see attached patch. it moves the PaX flags to the netbsd
>> PT_NOTE. comments?
>>
>> -e.
> 
> as there seems to be a consensus that it isn't desirable to use
> PF_MASKOS for these, i'd suggest to disable paxctl for netbsd-4 to
> avoid future compatibility issues.
> 
> YAMAMOTO Takashi

the proper implementation using fileassoc could have been written in the
time period from when I pointed this out to now. :)

...anyway, I don't have a strong opinion about this, so "okay".

-e.

Jeremy C. Reed | 4 May 23:55 2007

login allows login without password

Run "login" (as non-root). Get "login:" prompt. Enter the username of 
the user you originally ran login as. And you will be logged in without 
any password.

Yes, I know it is "secure" for an already authenticated user to switch to
the same user.

But having a "login:" prompt without real authentication is misleading. It 
should always ask for password even if redundant. For example, if login: 
prompt scrolls user may forget and assume that he is logged out. (It may 
scroll by due to log messages dumped to console maybe.)

For example, no prompt for password:

login: 
login: 
login: 
login: 
login: 
login: 
login: 
login: 
login: 
login: 
login: 
login: 
login: 
login: reed
Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
    The NetBSD Foundation, Inc.  All rights reserved.

John Nemeth | 5 May 11:53 2007

Re: login allows login without password

On Aug 20,  5:03am, "Jeremy C. Reed" wrote:
} 
} Run "login" (as non-root). Get "login:" prompt. Enter the username of 
} the user you originally ran login as. And you will be logged in without 
} any password.
} 
} Yes, I know it is "secure" for an already authenticated user to switch to
} the same user.
} 
} But having a "login:" prompt without real authentication is misleading. It 
} should always ask for password even if redundant. For example, if login: 
} prompt scrolls user may forget and assume that he is logged out. (It may 
} scroll by due to log messages dumped to console maybe.)
} 
} For example, no prompt for password:
} 
} login: 
} login: 
} login: 
} login: 
} login: 
} login: 
} login: 
} login: 
} login: 
} login: 
} login: 
} login: 
} login: 
} login: reed

Patrick Welche | 5 May 18:28 2007

Re: login allows login without password

On Sat, May 05, 2007 at 02:53:55AM -0700, John Nemeth wrote:
>      We got PAM from FreeBSD.  Looking at http://cvsweb.freebsd.org/ ,
> I see that they still use pam_self.so.  This is a change in behaviour
> from pre-PAM.  Changing it now would be a change in behaviour from the
> way it currently works (and the way it works on FreeBSD).  However, it
> would be restoring traditional behaviour and you make some good
> points.  I'll wait a few days and if nobody yells, I'll make the change
> you suggest.

It would indeed be restoring pre-PAM behaviour:

% uname -r
4.99.19
% grep -i pam /etc/mk.conf
MKPAM=no
% login
login: 
login: 
login: 
login: 
login: 
login: 
login: prlw1
Password:
Login incorrect or refused on this terminal.
login: 

Jeremy C. Reed | 11 May 22:07 2007
Picon

overwriting and copying keeps original setuid bit

I noticed that overwriting a setuid file with a non-setuid file keeps the 
original setuid bit.

I noticed this on an old version of NetBSD-current when I installed my 
smtp outbound mail relay that is setgid (not setuid).

And reproduced on NetBSD 3.1:

ca# echo hello > abc     
ca# echo something else > def
ca# chown reed def            
ca# chown root abc            
ca# chmod 4755 abc            
ca# ls -l abc def             
-rwsr-xr-x  1 root  reed   6 May 11 12:57 abc
-rw-r--r--  1 reed  reed  15 May 11 12:57 def
ca# cp def abc                
ca# ls -l abc def  
-rwsr-xr-x  1 root  reed  15 May 11 12:58 abc
-rw-r--r--  1 reed  reed  15 May 11 12:57 def

Even copying it saves the setuid:

ca# cp abc ghi
ca# ls -l ghi        
-rwsr-xr-x  1 root  reed  15 May 11 12:58 ghi

Now as non-root:

The following as non-root loses the setuid bit if overwritten -- but keeps 

George Georgalis | 14 May 21:27 2007

Re: overwriting and copying keeps original setuid bit

On Fri, May 11, 2007 at 03:07:55PM -0500, Jeremy C. Reed wrote:
>Keeping a previous file's setuid (or setgid) is wrong.

I hear you, but the -p flag does address that, cp and preserve
permissions vs copy data not attributes.

but it reminds me of something I've wondered about. is there
a place for an atomic copy in base, e.g. copy to tmp file and
rename to target? That would accomplish copy with respect to
uid/gid/umask/etc.

// George

-- 
George Georgalis, information systems scientist <IXOYE><
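
The copy-to-temp-file-and-rename idea from the message above, as an added shell example that is not part of the thread or of NetBSD base. The function names atomic_copy, new_file_mode and has_special_bits are made up here, and the abc/def files are constructed in a scratch directory.

```shell
#!/bin/sh
# Added example: "copy to a temp file, then rename" as a shell function.
# atomic_copy, new_file_mode and has_special_bits are hypothetical names.

# Mode a newly created regular file gets under the current umask (0666 & ~umask).
new_file_mode() {
    printf '%o\n' $(( 0666 & ~0$(umask) ))
}

# True if FILE has the setuid or setgid bit set.
has_special_bits() {
    [ -n "$(find "$1" -prune \( -perm -4000 -o -perm -2000 \) -print)" ]
}

# atomic_copy SRC DST (DST must be a file path, not a directory)
atomic_copy() {
    src=$1 dst=$2
    # Temp file in DST's directory so the final mv is a same-filesystem rename(2).
    tmp=$(mktemp "$(dirname -- "$dst")/.atomic_copy.XXXXXX") || return 1
    if cat -- "$src" > "$tmp" &&
       chmod "$(new_file_mode)" "$tmp" &&   # mktemp made it 0600; apply umask mode
       mv -f -- "$tmp" "$dst"; then
        return 0
    fi
    rm -f -- "$tmp"
    return 1
}

# Constructed demo mirroring the abc/def session, in a scratch directory.
demo() {
    d=$(mktemp -d) || return 1
    echo hello > "$d/abc"; chmod 4755 "$d/abc"
    echo something else > "$d/def"
    ls -l "$d/abc"                                   # old abc, setuid bit set
    atomic_copy "$d/def" "$d/abc" && ls -l "$d/abc"  # new inode, umask mode
    rm -rf -- "$d"
}
demo
```

Because the rename replaces the directory entry with a new inode, the result is owned by the copying user and carries none of the old file's mode bits; readers see either the old file or the complete new one.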
