Date: Mon, 28 Dec 1998 02:49:51 +0100 From: "H. Eckert" <ripley@nostromo.in-berlin.de> To: "freebsd-security@FreeBSD.ORG" <freebsd-security@FreeBSD.ORG> Subject: Re: Magic Message-ID: <19981228024951.C14858@nortobor.nostromo.in-berlin.de> In-Reply-To: <36855859.5D0BD741@acc.am>; from Casper on Sun, Dec 27, 1998 at 01:42:49AM %2B0400 References: <Pine.BSF.3.96.981226113610.16142A-100000@phoenix.aye.net> <36855859.5D0BD741@acc.am>
next in thread | previous in thread | raw e-mail | index | archive | help
Quoting Casper (casper@acc.am): > What about include in some secure level facility to disable read of > any file if it begins with magic by user (may be by any user, > including root) ? It will disable read of these files .... of course > intruder can bruteforce by changing megic of file & looking to > response :) ... but itlll take a lot of time ... This is not as easy as it may sound. Denying read access is done by proper chmod permissions (which are observed by the kernel already). Doing this inside the kernel itself, probably in some generic read() function, is difficult because system calls have to be able to load the code (provided execution permission is granted and this is checked on opening the file, before any of its contents are known). If such a change is broken you may either have a very complicated NOP or you may end up with a system where *everybody* including root during startup is locked out from running programs. Greetings, Ripley -- H. Eckert, 10777 Berlin, Germany, http://www.in-berlin.de/User/nostromo/ ISO 8859-1: Ä=Ae, Ö=Oe, Ü=Ue, ä=ae, ö=oe, ü=ue, ß=sz. "(Technobabbel)" (Jetrel) - "Müssen wir uns diesen Schwachsinn wirklich anhören?" (Neelix) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19981228024951.C14858>