On Sat, Aug 23, 2003 at 11:36:04AM +0200, Milan P. Stanic wrote:
| > Allowing the dhcp server to write to /dev/mem because it's UID 0 and Unix
| > security sucks is a bug.
|
| The problem isn't with UID 0, but with bugs in software.
No. The problem is an insecure design that forces the DHCP server to have root privileges. A finer-grained security would give the DHCP server /just/ enough rights to send and receive the network packets it wants and only fiddle with the files that it actually needs (/var/lib/dhcp/....).

| I think that the problem cannot be solved in wrong place. It isn't
| possible to have secure DHCP server by fixing kernel, but by writing
| secure (OK, with less bugs) DHCP server.

A kernel with the ability to lock down processes even further would mean that a buggy DHCP server couldn't be exploited to e.g. scribble all over /dev/mem. This is what systems like grsecurity or SE Linux are trying to do.

Which is not to say that less-buggy software is a bad goal; but the reality is that programmers are human, and /do/ make mistakes.

Cameron.
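An added example, not part of this thread or of any DHCP server's code, showing what "just enough rights" looks like on Linux: opening /dev/mem requires CAP_SYS_RAWIO, while a DHCP server only needs CAP_NET_RAW and CAP_NET_BIND_SERVICE (the needed set and the /proc/<pid>/status samples below are assumptions constructed for the example; the CAP_* bit numbers follow <linux/capability.h>).

```python
# Audit which Linux capabilities a process actually holds, compared with the
# small set a DHCP server needs. Added example for this thread; the sample
# /proc/<pid>/status text is constructed, not captured from a real system.

CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ", "CAP_PERFMON", "CAP_BPF",
    "CAP_CHECKPOINT_RESTORE",
]

# Assumed minimal set: raw sockets for DHCP on unconfigured interfaces and
# the privileged UDP port 67. Access to the lease file under /var/lib/dhcp
# is ordinary file permission and needs no capability at all.
DHCP_NEEDED = {"CAP_NET_RAW", "CAP_NET_BIND_SERVICE"}

def decode_caps(mask):
    """Turn a CapEff bitmask into the set of capability names it contains."""
    return {name for bit, name in enumerate(CAP_NAMES) if mask >> bit & 1}

def cap_eff_from_status(status_text):
    """Extract the effective capability mask from /proc/<pid>/status text."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split()[1], 16)
    raise ValueError("no CapEff line in status text")

def excess_caps(status_text, needed=DHCP_NEEDED):
    """Capabilities held beyond the needed set: the surface a bug could abuse."""
    return decode_caps(cap_eff_from_status(status_text)) - needed

# Constructed samples: a full-root dhcpd versus one confined to two caps.
ROOT_STATUS = "Name:\tdhcpd\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"
CONFINED_STATUS = "Name:\tdhcpd\nUid:\t0\t0\t0\t0\nCapEff:\t0000000000002400\n"

if __name__ == "__main__":
    for label, status in (("root", ROOT_STATUS), ("confined", CONFINED_STATUS)):
        extra = excess_caps(status)
        mem = "can" if "CAP_SYS_RAWIO" in extra else "cannot"
        print(f"{label}: {len(extra)} unneeded caps, {mem} open /dev/mem")
```

Both samples run as UID 0; only the capability set differs, which is the finer-grained distinction the post is arguing for.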