From owner-doc-jp@jp.freebsd.org  Tue Aug 19 11:48:27 1997
Received: by jaz.jp.freebsd.org (8.8.7+2.7Wbeta6/8.7.3) id LAA15538
	Tue, 19 Aug 1997 11:48:27 +0900 (JST)
Received: by jaz.jp.freebsd.org (8.8.7+2.7Wbeta6/8.7.3) with ESMTP id LAA15527
	for <doc-jp@jp.freebsd.org>; Tue, 19 Aug 1997 11:48:25 +0900 (JST)
Received: (from uucp@localhost) by rayearth.rim.or.jp (8.8.5/3.5Wpl2-uucp1/RIMNET) with UUCP
	id LAA13710 for doc-jp@jp.freebsd.org; Tue, 19 Aug 1997 11:48:23 +0900 (JST)
Received: from ron.snipe.rim.or.jp (localhost.snipe.rim.or.jp [127.0.0.1]) by ron.snipe.rim.or.jp (8.8.5/3.5Wpl7) with ESMTP
	id LAA03376 for <doc-jp@jp.freebsd.org>; Tue, 19 Aug 1997 11:05:25 +0900 (JST)
Message-Id: <199708190205.LAA03376@ron.snipe.rim.or.jp>
To: doc-jp@jp.freebsd.org
Date: Tue, 19 Aug 1997 11:05:24 +0900
From: Motoyuki Konno <motoyuki@snipe.rim.or.jp>
Reply-To: doc-jp@jp.freebsd.org
Precedence: bulk
X-Distribute: distribute [version 2.1 (Alpha) patchlevel=20]
X-Sequence: doc-jp 3107
Subject: [doc-jp 3107] Re: <WWW> security.sgml
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org

  $B:#Ln$G$9!#$A$g$C$HCY$$JV;v$K$J$j$^$7$?!#(B

In the message <33F70FF3.41C67EA6@cheerful.com>,
$B$K$7$+(B $B$5$s(B wrote:

>   $B0J2<$NC18l$K$D$$$F$OE,@Z$JLu$,8+$D$+$j(B
>   $B$^$;$s$G$7$?(B. $B::FI$NH?1GCJ3,$G5[<}$7$?$$(B
>   $B$H;W$C$F$^$9(B.
>
>   <exploit>
>
>      security@FreeBSD.org $B$G$b$h$/8+$+$1$^$9(B
>      $B$1$l$I(B, $BE,@Z$JLu$,$"$j$^$7$?$i(B, $B$465<x(B
>      $B4j$$$^$9(B.

  $BLuJ8$r$_$^$7$?!#$3$N(B exploit $B$N6aJU$K$"$k(B privs $B$r(B private $B$NN,$H$7$F(B
$B$$$k$h$&$G$9$,!"A08e4X78$+$i$_$F(B privs = privileges $BFC8"(B $B$@$H;d$O;W$$$^(B
$B$9!#$G!"$3$N(B exploit $B$K$O!J?M$N<eE@$dL5CN$J$I$r!KMxMQ$9$k!"?)$$J*$K$9$k(B
$B$H$$$&0UL#$,$"$k$h$&$G$9!#(B

   Just because you drop privs somewhere doesn't
   necessarily mean that no exploit is possible.
   ------------------------------------------------
   $BI,MW$N$J$$=j$G$O!JLuCm(B root $B$J$I$N!KFC8"$r;H$o$J$$$+$i$H$$$C$F(B
   $B!J?/F~<T$K!K0-MQ$5$l$k2DG=@-$,$J$/$J$k$o$1$G$O$"$j$^$;$s(B.

$B$H$7$F$O$$$+$,$G$7$g$&$+!)(B


>   <race>

  ($BCfN,(B)

>      $B$3$A$i$O$"$^$j0UL#$,$h$/DO$a$^$;$s$G$7$?(B.
>      $B$3$N(B race $BLdBj$K$D$$$F>\$7$/=q$+$l$?$b$N$,(B
>      $B$"$j$^$7$?$i(B, ($B>pJs%]%$%s%?$@$1$G9=$$$^$;$s(B
>      $B$N$G(B)$B65$($F2<$5$$(B.

  mktemp(3), tempnam(3), tmpnam(3) $B$O$$$:$l$b%F%s%]%i%j!&%U%!%$%k:n@.$N(B
$B$?$a$N%f%K!<%/$J%U%!%$%kL>$rJV$94X?t$G$9!#$?$H$($P(B

        char *filename = mktemp ($B$J$s$H$+(B);
        FILE *f = fopen (filename, $B$J$s$H$+(B);

$B$N$h$&$K;H$&Lu$G$9$,!"(B mktemp $B$H(B fopen $B$N4V$KB>$N%W%m%;%9$,$=$N%U%!%$%k(B
$BL>$r;H$C$F$7$^$&2DG=@-$,$"$j$^$9!#FC$K(B /tmp $B$G$O$=$N2DG=@-$,Bg$G$9!#F1$8(B
$B%U%!%$%kL>$,6%9g$9$k(B (race) $B$N$G$9!#(B

  $B$3$l$KBP$7!"(B tmpfile(3), mkstemp(3) $B$O%F%s%]%i%j%U%!%$%k$r:n@.$9$k4X?t(B
$B$J$N$G$3$N$h$&$J6%9g$,$*$-$^$;$s!#>\$7$/$O(B mkstemp(3) $B;2>H!#(B

---
------------------------------------------------------------------------
$B:#Ln(B  $B85G7!w;3M|0e2JBg3X(B        mkonno@res.yamanashi-med.ac.jp  (Univ)
                                motoyuki@snipe.rim.or.jp        (Home) 
                                http://www.st.rim.or.jp/~motoyuki/
