From owner-freebsd-security Mon Jan 26 17:54:02 1998 Return-Path: Received: (from daemon@localhost) by hub.freebsd.org (8.8.8/8.8.8) id RAA12900 for security-outgoing; Mon, 26 Jan 1998 17:54:02 -0800 (PST) (envelope-from owner-freebsd-security) Received: from freebsd.coffeehaus.net (qmailr@freebsd.coffeehaus.net [146.115.119.6]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id RAA12846 for ; Mon, 26 Jan 1998 17:53:57 -0800 (PST) (envelope-from jkowall@coffeehaus.net) Message-Id: <199801270153.RAA12846@hub.freebsd.org> Received: (qmail 6972 invoked from network); 27 Jan 1998 01:52:30 -0000 Received: from jkhome.coffeehaus.net (HELO p166) (146.115.119.112) by freebsd.coffeehaus.net with SMTP; 27 Jan 1998 01:52:30 -0000 Reply-To: From: "Jonah Kowall" To: Date: Mon, 26 Jan 1998 20:50:23 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4 Sender: owner-freebsd-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk subscribe jkowall@coffeehaus.net From owner-freebsd-security Thu Jan 29 12:43:21 1998 Return-Path: Received: (from daemon@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA15321 for security-outgoing; Thu, 29 Jan 1998 12:43:21 -0800 (PST) (envelope-from owner-freebsd-security) Received: from fledge.watson.org (root@FLEDGE.RES.CMU.EDU [128.2.91.116]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA15294 for ; Thu, 29 Jan 1998 12:43:18 -0800 (PST) (envelope-from robert@cyrus.watson.org) Received: from cyrus.watson.org (cyrus.pr.watson.org [192.0.2.4]) by fledge.watson.org (8.8.8/8.6.10) with SMTP id PAA08528 for ; Thu, 29 Jan 1998 15:43:02 -0500 (EST) Date: Thu, 29 Jan 1998 15:43:01 -0500 (EST) From: Robert Watson Reply-To: Robert Watson To: freebsd-security@freebsd.org Subject: Secure Linux patch (fwd) Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk It would be nice to have some of these features (see bottom of email) available on FreeBSD. I don't have the experience/knowledge to do most of this, or I would do it myself :). Most of these are really security work-arounds, and succeed in blocking a number of traditional attacks, although they do not fix the sources of the attack :). Better application writing is the only long-term solution, I suspect. We also have securelevel already, but I am not sure that the features they have match ours. BTW, in -current, has their been any thought to requiring that time monotonically increase (as BSDI has done) while in securelevel > 0? With appropriate use of single-user mode, xntpd, and ntpdate, this can be very useful. Robert N Watson Carnegie Mellon University http://www.cmu.edu/ SafePort Network Services http://www.safeport.com/ robert@fledge.watson.org http://www.watson.org/~robert/ ---------- Forwarded message ---------- Date: Thu, 29 Jan 1998 19:31:39 -0300 From: Solar Designer To: BUGTRAQ@NETSPACE.ORG Subject: Secure Linux patch Hello, > mkdir /tmp/foo (no sticky bit on foo) > ln /etc/passwd /tmp/foo > mv /tmp/{foo/,}passwd Thanks for reporting this. A stupid problem, I should have thought a bit more of things like this. ;-) I wonder why noone reported it earlier... I wasn't going to release my new patch right now, but since I would have to release a fix anyway, ...here goes the full thing. You can get my new Secure Linux patch at: http://www.false.com/security/linux/secure-linux.tar.gz ftp://ftp.dataforce.net/pub/solar/secure-linux.tar.gz Features: * Non-executable user stack area * Link-in-/tmp fix (fixed;-) * Restricted /proc (extra functionality compared to original route's patch) * Improved securelevel support (finally really secure, and extra features) * Unofficial bugfixes (hope I'll be able to remove them when 2.0.34 is out) Signed, Solar Designer