Date: Sun, 16 Aug 1998 12:45:52 -0600
From: Warner Losh <imp@village.org>
To: Philippe Regnauld <regnauld@deepo.prosa.dk>
Cc: rotel@indigo.ie, freebsd-security@FreeBSD.ORG
Subject: Re: Fwd: "Using capabilties aaginst shell code" <dps@IO.STARGATE.CO.UK>
Message-ID: <199808161845.MAA16986@harmony.village.org>
In-Reply-To: Your message of "Sun, 16 Aug 1998 15:10:56 +0200." <19980816151056.63692@deepo.prosa.dk>
References: <19980816151056.63692@deepo.prosa.dk> <19980815131309.14782@deepo.prosa.dk> <199808151348.OAA00655@indigo.ie>

In message <19980816151056.63692@deepo.prosa.dk> Philippe Regnauld writes:
: No, but it will prevent buffer overflows that spawn a root shell
: (i.e.: qpopper) -- or am I missing something ?

Yes. It adds little to the security of the system. Currently it is all the rage for the egg to do setuid(0); exec /bin/sh. However, if you don't allow that, then there are other things that you'll have to make sure are plugged as well.

If you should happen to overflow the stack, you can still execute any code that you want. You can bind to a port, accept connections and get enough of a world that not being able to exec isn't a huge deal. There is more work for the egg to do, but the size of the stack is large enough to have some rather complicated eggs that do things like malloc memory, copy code into that, jump to it, etc. You would still be able to do at least some system calls, even with the fine grain capabilities.

Likely you could do enough "damage" to the system that needing a root shell becomes unnecessary. The egg that comes to mind: setuid(0); edit /etc/passwd, et al., to have another root entry, then the penetrator can just telnet to the system and have root. There are many other variations on this theme.

Sure, it will keep the script-bangers out, until the scripts improve, then you are back where you are today.

Warner