From owner-freebsd-chat  Mon Nov 18 10:18:52 1996
Return-Path: owner-chat
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id KAA02341
          for chat-outgoing; Mon, 18 Nov 1996 10:18:52 -0800 (PST)
Received: from grackle.grondar.za (grackle.grondar.za [196.7.18.131])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id KAA02318;
          Mon, 18 Nov 1996 10:18:46 -0800 (PST)
Received: from grackle.grondar.za (localhost.grondar.za [127.0.0.1]) by grackle.grondar.za (8.8.2/8.7.3) with ESMTP id UAA12284; Mon, 18 Nov 1996 20:17:38 +0200 (SAT)
Message-Id: <199611181817.UAA12284@grackle.grondar.za>
To: Don Lewis <Don.Lewis@tsc.tdk.com>
cc: Bill Fenner <fenner@parc.xerox.com>, chat@freebsd.org,
        security@freebsd.org
Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). 
Date: Mon, 18 Nov 1996 20:17:37 +0200
From: Mark Murray <mark@grondar.za>
Sender: owner-chat@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Don Lewis wrote:
> I'm not counting on gaining much security that way, but my philosophy
> is to remove everything that isn't absolutely needed.  What isn't present
> can't be used against me.  I do consider the importation of any files
> to be a security breach. 
> 
> I just thought of a totally wicked way of guarding against imported binaries,
> though.  Just randomize the syscall numbers when building the kernal and
> userland binaries.  For best effect, the userland binaries should be
> statically linked and the shared libraries removed.  As long as the kernel
> can withstand crashme, it should be fine ;-)  Too bad it looks like such
> a pain to do this :-(

Much easier is to put the users onto a volume that is mounted -noexec.
This works for compiled binaries, not scripts.

M
--
Mark Murray                PGP key fingerprint = 80 36 6E 40 83 D6 8A 36
This .sig is umop ap!sdn.                        BC 06 EA 0E 7A F2 CE CE