ari wrote:
> Currently, root is the only user that can actually drop significant
> privileges, as root is the only user that has access to such functions.
> This is flawed --- any user should be able to relinquish his privileges,
> and I've begun a patch to put this into effect.
>
> However, the fact that this is a security-related kernel feature
> modification warrants peer-review, in both design and implementation.
> It would be unwise of me to create the patch without consulting such.
>
> The web page that discusses the patch may be found at:
>
> http://www.episec.com/people/edelkind/patches/kernel/flowpriv/
>
> I welcome any discussion and criticism.
The biggest risk is that you may have acquired something privileged in your
process memory space or file descriptor table. If you are then fully
unprivileged, then things like ptrace(), core dumps etc. become a minefield.
For example, if a process did a getpwnam() before dropping privs, then it may
have a cached copy of the secret master.passwd data in memory.

Anyway, that's something to keep in mind.

Cheers,
-Peter
--
Peter Wemm - [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
"All of this is for nothing if we don't go to the stars" - JMS/B5
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
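Added example (not Peter's code and not part of the flowpriv patch): a C program that does the housekeeping his warning calls for before a process gives up its privileges. It scrubs a secret buffer while the process can still be trusted with it, closes every descriptor opened during the privileged phase, turns off core dumps, and only then drops uid/gid, checking afterwards that root cannot be regained. The master.passwd record is a constructed stand-in for whatever getpwnam() would have cached; the function names, the 65536 descriptor cap and the "close from fd 3" convention are choices made for this example, not anything the kernel or libc mandates.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed stand-in for what getpwnam() could leave cached in a
 * privileged process: a master.passwd-style record, hash field included.
 * Made-up sample data, not a real account. */
static const char kFakeMasterPasswd[] =
    "root:$6$FAKESALT$FAKEHASH:0:0::0:0:Charlie &:/root:/bin/sh\n";
#define FAKE_SECRET_LEN (sizeof kFakeMasterPasswd)

/* Privileged phase: the record ends up in heap memory, the way a cached
 * password-database entry would. Caller owns the buffer. */
char *load_secret(void)
{
    char *buf = malloc(FAKE_SECRET_LEN);
    if (buf == NULL)
        return NULL;
    memcpy(buf, kFakeMasterPasswd, FAKE_SECRET_LEN);
    return buf;
}

/* Overwrite n bytes through a volatile pointer so the compiler cannot drop
 * the stores as dead writes. explicit_bzero(3) does the same job where it
 * exists; it is spelled out here so the block stays portable. */
void scrub_secret(void *p, size_t n)
{
    volatile unsigned char *vp = p;
    while (n-- > 0)
        *vp++ = 0;
}

/* Returns 1 if every one of the n bytes at p is zero, 0 otherwise. */
int is_scrubbed(const void *p, size_t n)
{
    const unsigned char *b = p;
    for (size_t i = 0; i < n; i++)
        if (b[i] != 0)
            return 0;
    return 1;
}

/* Close every descriptor from lowfd upward and return how many were open.
 * Files or sockets opened while privileged must not survive the drop;
 * closefrom(2) on FreeBSD does this without the loop. The scan is capped
 * (example choice) so a huge RLIMIT_NOFILE does not become a long spin. */
int close_fds_from(int lowfd)
{
    struct rlimit rl;
    long maxfd = 1024;
    if (getrlimit(RLIMIT_NOFILE, &rl) == 0 && rl.rlim_cur != RLIM_INFINITY)
        maxfd = (long)rl.rlim_cur;
    if (maxfd > 65536)
        maxfd = 65536;
    int closed = 0;
    for (long fd = lowfd; fd < maxfd; fd++)
        if (close((int)fd) == 0)
            closed++;
    return closed;
}

/* Forbid core dumps: a core written after the drop would carry whatever
 * the privileged phase left in memory. Returns 0 on success. */
int disable_core_dumps(void)
{
    struct rlimit rl = { 0, 0 };
    return setrlimit(RLIMIT_CORE, &rl);
}

/* Drop to uid/gid permanently. setgid() goes first because once the uid is
 * non-zero the gid change is no longer allowed. Returns 0 on success, -1 if
 * a call failed or the result does not look fully unprivileged. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (getuid() != uid || geteuid() != uid)
        return -1;
    if (getgid() != gid || getegid() != gid)
        return -1;
    /* A leftover saved uid of 0 would let this succeed; treat it as a
     * failed drop rather than a success. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* The order the warning implies: scrub and release privileged data, close
 * descriptors opened while privileged, forbid core dumps, then drop.
 * keep_fds is the first descriptor number to close (3 keeps stdio). */
int secure_drop(char *secret, size_t secret_len, int keep_fds,
                uid_t uid, gid_t gid)
{
    if (secret != NULL) {
        scrub_secret(secret, secret_len);
        free(secret);
    }
    close_fds_from(keep_fds);
    if (disable_core_dumps() != 0)
        return -1;
    return drop_privileges(uid, gid);
}

int main(void)
{
    /* Stand-alone demo: run as an ordinary user it drops to itself. */
    char *secret = load_secret();
    if (secret == NULL)
        return 1;
    int fd = open("/dev/null", O_RDONLY);   /* stands in for a privileged fd */
    int rc = secure_drop(secret, FAKE_SECRET_LEN, 3, getuid(), getgid());
    printf("secure_drop: %s; fd %d still open: %s; euid=%ld\n",
           rc == 0 ? "ok" : "failed", fd,
           fcntl(fd, F_GETFD) == -1 ? "no" : "yes", (long)geteuid());
    return rc == 0 ? 0 : 1;
}
```

The caveat is the part of Peter's point this code cannot fix: scrubbing only reaches data the program knows about. A static buffer inside libc that getpwnam() filled is not visible to the caller, so the honest defence is to do the privileged lookup in a separate process (or before exec) rather than trust a scrub pass to find every copy.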