Date: Mon, 26 Jul 1999 06:31:14 -0400 (EDT)
From: Robert Watson <robert@cyrus.watson.org>
To: jkoshy@FreeBSD.org
Cc: hackers@FreeBSD.org, sef@FreeBSD.org
Subject: yet more ways to attack executing binaries (was Re: deny ktrace without read permissions? )
Message-ID: <Pine.BSF.3.96.990726062851.9903C-100000@fledge.watson.org>
In-Reply-To: <199907260544.WAA13646@freefall.freebsd.org>

Another cool attack on this mechanism is if the binary uses shared
libraries: modify LD_LIBRARY_PATH so that its favorite shared library is
your own version of the library, that proceeds to dump the entire
application to disk when executed.

The challenge of adding additional sandbox/restrictions outside of the
traditional uid boundaries in UNIX is challenging. The number of ways to
influence a program's execution is quite sizable...

On Sun, 25 Jul 1999 jkoshy@FreeBSD.org wrote:

> jk> Yes, but /if/ KTRACE is present, today's code allows you to bypass
> jk>the lack of read permissions on an executable. That shouldn't be
> jk>allowed. The current behaviour could be regarded as a security
> jk>hole actually :).
>
> sef> No more so than core dumps do.
>
> Yes, but an application can protect itself from an inadvertent core dump.
> It can't (today) against being ktrace'd.
>
> sef> I vote strongly against this change.
>
> Noted, thanks.
>
> I will summarize the result of the discussion in a followup to kern/3546.
>
> Regards,
> Koshy
> <jkoshy@freebsd.org>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message
>

  Robert N M Watson

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Computing Laboratory at Cambridge University
Safeport Network Services

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
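
Added example, not part of the original message or of FreeBSD: an audit sketch for the defender's side of the point above. It flags regular files that grant execute without read to group or other and are dynamically linked (they carry a PT_INTERP program header), since those are the binaries whose libraries are chosen at run time. The names `is_dynamic_elf`, `exec_only`, `flagged` and `sample_elf` are hypothetical, and the ELF bytes are constructed for the example.

```python
import os
import stat
import struct

PT_INTERP = 3  # program header type that names the runtime linker

def is_dynamic_elf(data: bytes) -> bool:
    """True if the ELF image carries a PT_INTERP segment, i.e. a runtime
    linker resolves its shared libraries when it starts."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[5] not in (1, 2):
        return False
    end = "<" if data[5] == 1 else ">"          # EI_DATA: byte order
    if data[4] == 2:                            # EI_CLASS: ELFCLASS64
        (phoff,) = struct.unpack_from(end + "Q", data, 32)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
    else:                                       # ELFCLASS32
        (phoff,) = struct.unpack_from(end + "I", data, 28)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + 4 > len(data):                 # truncated read or bad header
            break
        if struct.unpack_from(end + "I", data, off)[0] == PT_INTERP:
            return True
    return False

def exec_only(mode: int) -> bool:
    """Execute granted to group or other without the matching read bit."""
    pairs = ((stat.S_IXGRP, stat.S_IRGRP), (stat.S_IXOTH, stat.S_IROTH))
    return any(mode & x and not mode & r for x, r in pairs)

def flagged(path: str) -> bool:
    """Exec-only regular file whose libraries are chosen at run time."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode) or not exec_only(st.st_mode):
        return False
    with open(path, "rb") as f:                 # the auditor needs read access
        return is_dynamic_elf(f.read(65536))

def sample_elf(p_type: int) -> bytes:
    """Constructed 64-bit little-endian ELF header plus one program header."""
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr = struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    return ident + ehdr + struct.pack("<I", p_type) + bytes(52)

if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        print(p, "exec-only and dynamically linked" if flagged(p) else "ok")
```

Run it with file paths as arguments from an account that can read them; a flagged file is one where the missing read bit is the only thing keeping its contents private.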