Date:      Thu, 16 Dec 1999 14:18:18 -0500 (EST)
From:      Spidey <beaupran@iro.umontreal.ca>
To:        Robert Watson <robert+freebsd@cyrus.watson.org>
Cc:        Warner Losh <imp@village.org>, Chris England <cengland@obscurity.org>, freebsd-security@FreeBSD.ORG
Subject:   Re: From BugTraq - FreeBSD 3.3 xsoldier root exploit (fwd) 
Message-ID:  <14425.15098.737556.573749@anarcat.dyndns.org>
References:  <14425.12637.308602.637788@anarcat.dyndns.org> <Pine.BSF.3.96.991216135055.26813G-100000@fledge.watson.org>

I really think that this would be a _great_ improvement.

I would be ready to donate time to this. :))

Should I start patching? :)

--- Big Brother told Robert Watson to write, at 13:56 of December 16:
> On Thu, 16 Dec 1999, Spidey wrote:
> 
> > Yes. Since I've been looking at setuid's on FBSD, my primary concern's
> > been with the ports. I wished there could be some way to have a
> > variable in the Makefiles that say "NOSETUID=YES". :))
> > 
> > We should make a definite list of all the setuid's in the whole port
> > tree. Maybe the port maintainers can give a hand?
> > 
> > Darn.. déjà vu... 
> 
> Yup, it's déjà vu all over again.  If you want a heavy-handed security
> approach, here's how you do it.  Define two new Makefile ports variables:
> 
> HAS_MISC_SET_ID= {yes,no}
> HAS_ROOT_SETUID= {yes,no}
> 
> Starting today, warn all ports maintainers that their ports must (ideally
> correctly) define these variables for all of their ports.  In two weeks,
> any port that doesn't define both variables is marked as broken.  After
> one week, we introduce a check in the package building procedure that
> checks for any setuid or setgid binaries in the installed version.  If the
> variable value reported is wrong, the port is marked as broken.
> 
> We then have an effective and mandated list of ports making use of set?id
> binaries.  Each one of these ports undergoes a security view by the
> auditing team--not to fix bugs, just to identify whether the source code
> is prone to bugs (extensive use of string functions in unsafe ways, etc)
> -- a twenty minute thing.  If it's found to be unsafe, the port is marked
> as unsafe, meaning that packages are not autobuilt for it, and that a user
> attempting to install the port is *loudly* warned that the code is unsafe,
> and they must confirm the install by using make unsafe-install.
> 
> That's heavy-handed security for you: mandate identification of problems
> and correctness.
> 
> This doesn't address daemons (imapd, etc) that also run privileged, but is
> a good first step.
> 
>   Robert N M Watson 
> 
> robert@fledge.watson.org              http://www.watson.org/~robert/
> PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
> TIS Labs at Network Associates, Safeport Network Services
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

-- 
If the image gives the illusion of knowing,
it is because the saying claims that, to believe,
all that matters is to see

Lofofora
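The package-build check that Robert describes in the quoted message, as an added example that is not part of the original thread or of the FreeBSD ports tree: it scans an installed prefix for set?id files and compares the result with the HAS_ROOT_SETUID / HAS_MISC_SET_ID values the port declared. The variable names come from the thread; the function names, the root-versus-misc classification rule and the constructed sample tree are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread or from the FreeBSD ports tree.
# It models the package-build check proposed above: scan the installed tree
# for set?id files, derive the HAS_ROOT_SETUID / HAS_MISC_SET_ID values it
# warrants, and compare them with what the port's Makefile declared. The
# variable names come from the thread; the function names, the
# classification rule and the sample tree are assumed.

# scan_setid PREFIX: prints "ROOT_SETUID=<yes|no> MISC_SET_ID=<yes|no>".
# Assumed rule: a setuid file owned by root is "root setuid"; any setgid
# file, or a setuid file owned by someone else, counts as "misc set?id".
scan_setid() {
    root=no
    misc=no
    [ -n "$(find "$1" -type f -perm -4000 -user root -print)" ] && root=yes
    [ -n "$(find "$1" -type f \( -perm -2000 -o \( -perm -4000 ! -user root \) \) -print)" ] && misc=yes
    echo "ROOT_SETUID=$root MISC_SET_ID=$misc"
}

# check_port PREFIX DECLARED_ROOT DECLARED_MISC
# Returns 0 when the declaration matches the installed tree and 1 when it
# does not; in the proposal a mismatch marks the port BROKEN.
check_port() {
    actual=$(scan_setid "$1")
    declared="ROOT_SETUID=$2 MISC_SET_ID=$3"
    if [ "$actual" = "$declared" ]; then
        echo "OK: $1 declares $declared"
        return 0
    fi
    echo "BROKEN: $1 declares $declared but installs $actual" >&2
    return 1
}

# make_fixture: constructed sample install tree standing in for a port's
# staging area: one plain binary and one setgid binary. Prints its path.
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/bin"
    : > "$d/bin/plain"; chmod 0755 "$d/bin/plain"
    : > "$d/bin/game";  chmod 2755 "$d/bin/game"   # setgid, the games-group case
    echo "$d"
}

# Demonstration: the same tree passes with an honest declaration and is
# flagged BROKEN when the Makefile claims it installs nothing set?id.
prefix=$(make_fixture)
check_port "$prefix" no yes
check_port "$prefix" no no || :
rm -rf "$prefix"
```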


Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14425.15098.737556.573749>