Date: Fri, 28 Aug 1998 12:21:19 +1000 (EST) From: Nicholas Charles Brawn <ncb05@uow.edu.au> To: Niall Smart <rotel@indigo.ie> Cc: freebsd-security@FreeBSD.ORG Subject: Re: trusted path execution patch Message-ID: <Pine.SOL.4.02A.9808281217420.11697-100000@banshee.cs.uow.edu.au> In-Reply-To: <199808271937.UAA01055@indigo.ie>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 27 Aug 1998, Niall Smart wrote: > On Aug 26, 2:32am, Nicholas Charles Brawn wrote: > } Subject: trusted path execution patch > > > For those not familiar with route's patch (Phrack 52, article 6), it > > limits the execution of binaries to those in directories designated as > > "trusted". That being (in this case), those that aren't writable by > > group or other, and are owned by either root, bin, or have the gid of a > > "trusted" group. > > So are you going to audit all those utilities in the trusted path > for buffer overflows? > > Niall > > -- > Niall Smart, rotel@indigo.ie. > Amaze your friends and annoy your enemies: > echo '#define if(x) if (!(x))' >> /usr/include/stdio.h > Hahah. Well, that's another problem that was pointed out. I'm working on an idea that has been tossed around before to prevent buffer overflows. And no, i'm not suggesting we recompile everything with stackguard. :) Nick -- Email: ncb05@uow.edu.au - http://rabble.uow.edu.au/~nick Key fingerprint = DE 30 33 D3 16 91 C8 8D A7 F8 70 03 B7 77 1A 2A "When in doubt, ask someone wiser than yourself..." -unknown To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SOL.4.02A.9808281217420.11697-100000>