Date: Mon, 1 Jun 1998 11:52:36 +0100
From: njs3@doc.ic.ac.uk (Niall Smart)
To: Andrzej Bialecki <abial@nask.pl>, Joe McGuckin <joe@via.net>
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: Signed executables, safe delete etc.
Message-ID: <E0ygSCi-0006lg-00@oak66.doc.ic.ac.uk>
> On Sun, 31 May 1998, Joe McGuckin wrote:
> Yes, that's the situation I'm thinking about. As it was suggested to me by
> Niall Smart, we already have something called securelevel. But this
> protects only already existing binaries (and not new ones, possibly
> exploiting e.g. kernel bugs)

I'm not sure what you mean here, securelevels are intended to prevent
binaries from being modified by anyone (among other things). You can set
the immutable flags for any new binaries you compile.

> and only on running system. To be more
> precise: I know that when securelevel=2 or something, all the binaries
> with immutable and append-only flags cannot be changed. But this doesn't
> prevent executing user's own program (possibly in order to get root
> shell).

The huge majority of exploits can be written in shell script, so I doubt
this will help much. For example, the vast majority of buffer overflows
can simply be exploited using:

suidprog -f `cat shellcode.bin`

> What I thought was two separate ideas:
> * the system would refuse to execute non-signed binary

This is not useful, see my earlier post. Anyway, an easier way to do this
would be to only allow the superuser to chmod +x an executable.

> * the system would even refuse to boot and to load the kernel without
> appropriate authentication. This would require cooperation from filesystem
> (like encrypting parts of it, say superblocks) so that attacker couldn't
> get the disk to other machine and mount it there.

This is a good idea, though I would encrypt the whole disk. I have been
thinking about this before and I think the best way to store the key to
unlock the filesystem would be on a floppy disk, using steganography to
embed it in a picture of Pamela Anderson or something.

Anyway, I need to take those anti-paranoia pills now.

Niall
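The securelevel/immutable-flag protection Niall describes only holds for binaries that actually carry the schg flag and only once kern.securelevel is at least 1. The following audit helper is an added example, not code from the thread: it takes output in FreeBSD's `ls -lo` format (a constructed sample is embedded so it runs anywhere), lists regular files whose flags column lacks schg, and checks whether a given securelevel value makes those flags unclearable.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): audit which binaries
# lack the system immutable flag (schg). Under securelevel >= 1, schg and
# sappnd can no longer be cleared, so files without schg are the ones that
# securelevel does not protect from modification.

# Constructed sample of `ls -lo` output (columns: mode, links, owner,
# group, flags, size, month, day, year, name). Not data from a real host.
SAMPLE_LS_LO='-r-xr-xr-x  1 root  wheel  schg       12345 Jun  1  1998 login
-r-xr-xr-x  1 root  wheel  -          23456 Jun  1  1998 passwd
-r-sr-xr-x  1 root  wheel  schg,uarch 34567 Jun  1  1998 su
-rwsr-xr-x  1 root  wheel  uchg       45678 Jun  1  1998 ping'

# Print the name of every regular file whose flags column (field 5,
# comma-separated, "-" when empty) does not contain schg.
# $1: text in `ls -lo` format.
missing_schg() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^-/ {                          # regular files only
            n = split($5, f, ",")            # flags are comma-separated
            has = 0
            for (i = 1; i <= n; i++) if (f[i] == "schg") has = 1
            if (!has) print $NF
        }'
}

# Return 0 if the given kern.securelevel value prevents clearing schg and
# sappnd (securelevel >= 1), non-zero otherwise (including non-numeric input).
flags_enforced() {
    [ "$1" -ge 1 ] 2>/dev/null
}

# Live use on a FreeBSD host (commented out so the example runs anywhere):
# missing_schg "$(ls -lo /bin /sbin /usr/bin /usr/sbin)"
# flags_enforced "$(sysctl -n kern.securelevel)" \
#     || echo 'kern.securelevel < 1: schg can still be cleared by root'
```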