Date: Thu, 27 Aug 1998 22:47:31 +0200
From: Eivind Eklund <eivind@yes.no>
To: rotel@indigo.ie, dyson@iquest.net, joelh@gnu.org
Cc: imp@village.org, dkelly@hiwaay.net, rabtter@aye.net, hackers@FreeBSD.ORG
Subject: Re: I want to break binary compatibility.
Message-ID: <19980827224731.61006@follo.net>
In-Reply-To: <199808272016.VAA01420@indigo.ie>; from Niall Smart on Thu, Aug 27, 1998 at 09:16:13PM +0000
References: <19980825154320.29030@follo.net> <199808272016.VAA01420@indigo.ie>

On Thu, Aug 27, 1998 at 09:16:13PM +0000, Niall Smart wrote:
> On Aug 25, 3:43pm, Eivind Eklund wrote:
> } Subject: Re: I want to break binary compatibility.
> > On Mon, Aug 24, 1998 at 10:36:24PM +0000, Niall Smart wrote:
> > > On Aug 24, 1:20am, "John S. Dyson" wrote:
> > > > Try modifying your system so that one of the flags bits is required to
> > > > run a program. It would then require both the flags bit and the executable
> > > > bit. Make sure the system cannot allow anyone but root set the chosen
> > > > flags bit. Maybe you could use the immutable flag, for this so that you
> > > > get theoretical immutability along with the ability to run code. You
> > > > might want to relax the restriction for root, but maybe not (depending
> > > > on how your admin scheme is setup.)
> > > >
> > > None of these hacks achieve security. You, of all people, should
> > > know better. The original poster should figure out how they are
> > > breaking in and close the hole, obfuscation schemes like the above
> > > are a waste of time.
> >
> > As I see it, this is not an obfuscation scheme - it is a security
> > layer blocking anybody but root from creating runnable programs (or,
> > if you are running at a higher secure-level, block anybody from
> > creating runnable programs).
>
> You're basically trying to disable chmod +x for anyone but root,
> but to do that properly you have to audit every program the user
> has permission to execute and each library which those programs
> use. It's _far_ easier to understand how they are getting in.

Eh? What? You don't have to audit anything - you just add a check for
this in the places in the kernel where you start an executable. And
we were talking of a new flag, not a change to the mode structure...

This effectively denies the user the possibility of creating new
executables; if you also limit the possibility of setting the flag to
only be at low securelevel, you have removed the possibility of
creating new executables even with root access. Clearly a security
win in my book, and has _nothing_ to do with obscurity.

Eivind.
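
The check described in the message above, as an added example that is not part of the original e-mail or of FreeBSD's code: a small C model of an exec gate that needs both the x bit and a root-only flag, with flag setting refused above securelevel 0. The flag name SF_EXECOK and its value, the helper names, and the rule that a write clears the flag (standing in for the immutability the quoted immutable-flag suggestion relies on) are assumptions of this sketch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical flag bit for this sketch; not a real FreeBSD st_flags value. */
#define SF_EXECOK 0x1u
#define S_IXANY   0111u              /* any execute bit in the mode */

struct vfile { uint32_t mode, flags; };
struct cred  { uint32_t uid; };

static int securelevel = 0;          /* model of the kernel securelevel */

/* Exec-time check: the mode's x bit and the flag are both required. */
bool exec_allowed(const struct vfile *f)
{
    return (f->mode & S_IXANY) != 0 && (f->flags & SF_EXECOK) != 0;
}

/* Setting the flag: root only, and only while securelevel is low. */
bool set_execok(struct vfile *f, const struct cred *c)
{
    if (c->uid != 0 || securelevel > 0)
        return false;
    f->flags |= SF_EXECOK;
    return true;
}

/* Assumption of this sketch: a write clears the flag, so an already
 * flagged file cannot be refilled with new code. */
void file_written(struct vfile *f) { f->flags &= ~SF_EXECOK; }

int main(void)
{
    struct cred user = { 1001 }, root = { 0 };
    struct vfile f = { 0755, 0 };    /* user ran chmod +x on a new file */
    bool ok;

    printf("user chmod +x only:      exec=%d\n", exec_allowed(&f));
    printf("user sets flag:          ok=%d\n", set_execok(&f, &user));
    ok = set_execok(&f, &root);
    printf("root sets flag, level 0: ok=%d exec=%d\n", ok, exec_allowed(&f));
    file_written(&f);                /* contents replaced, flag dropped */
    securelevel = 1;
    ok = set_execok(&f, &root);
    printf("root sets flag, level 1: ok=%d exec=%d\n", ok, exec_allowed(&f));
    return 0;
}
```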