Date:      Tue, 18 Jan 2000 07:02:26 -0500 (EST)
From:      Omachonu Ogali <oogali@intranova.net>
To:        Sheldon Hearn <sheldonh@uunet.co.za>
Cc:        Adam <bsdx@looksharp.net>, Will Andrews <andrews@TECHNOLOGIST.COM>, freebsd-security@FreeBSD.ORG
Subject:   Re: Parent Logging Patch for sh(1) 
Message-ID:  <Pine.BSF.4.10.10001180657470.99197-100000@hydrant.intranova.net>
In-Reply-To: <6196.948175796@axl.noc.iafrica.com>

The first patch (sh-log.patch) didn't offer denying features; I then wrote
a second one that did. My main focus was on BIND. I haven't seen someone
yet who has smashed the stack and changed argv[0], and secondly, it reads
the process name from the /proc filesystem, so if you do change the
program name on the stack, the original still exists...

Omachonu Ogali
Intranova Networking Group

On Tue, 18 Jan 2000, Sheldon Hearn wrote:

> 
> 
> On Mon, 17 Jan 2000 21:04:07 EST, Omachonu Ogali wrote:
> 
> > http://tribune.intranova.net/archives/sh-log+access.patch adds uid and
> > username logging along with a deny list (/etc/sh.deny).
> 
> When you first posted, you neglected to mention that your patch included
> a deny list (/etc/sh.deny).  This puts a different spin on things. :-)
> 
> While it sounds attractive on the surface, think how easy it is to work
> around -- the exploit code must simply change its progname to something
> which will never be in /etc/sh.deny (e.g. login).
> 
> So your patch scores something useful for a week, whereafter the script
> kiddies catch up and we're back to square one. :-)
> 
> No, if this is to be done, it's with per-process credentials.  Someone
> is already working on such a system for FreeBSD.  Since you seem
> interested in helping out with the process of hardening FreeBSD, I urge
> you to contact Robert Watson, who's spearheading the current hardening
> project.
> 
> You can reach him at Robert Watson <robert+freebsd@cyrus.watson.org>.
> 
> Thanks for your interest in a more secure FreeBSD. :-)
> 
> Ciao,
> Sheldon.
> 
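
An added example, not code from sh-log+access.patch or from either poster: a name-based parent check of the kind this thread discusses, taking the command name from a procfs status line rather than from argv[0]. The deny-list format (one exact name per line, `#` comments), the function names, the fail-closed choice and the sample status lines are assumptions; the page gives only the path /etc/sh.deny. It also shows the limit raised in the quoted reply: the decision rests on a name alone, so a parent called `login` is allowed.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: the first space-delimited field of /proc/<pid>/status is the
 * command name the kernel recorded, independent of argv[0] on the stack. */
int comm_from_status(const char *status, char *out, size_t outlen)
{
    size_t n = strcspn(status, " \t\n");
    if (n == 0 || n >= outlen)
        return -1;              /* empty or too long: treat as unknown */
    memcpy(out, status, n);
    out[n] = '\0';
    return 0;
}

/* Hypothetical deny-list format: one exact name per line, '#' comments. */
int name_denied(const char *deny, const char *name)
{
    size_t want = strlen(name);
    if (want == 0)
        return 0;
    for (const char *p = deny; *p; ) {
        size_t len = strcspn(p, "\n"), body = len;
        while (body > 0 && strchr(" \t\r", p[body - 1]))
            body--;             /* ignore trailing whitespace */
        if (*p != '#' && body == want && memcmp(p, name, want) == 0)
            return 1;
        p += len;
        if (*p == '\n') p++;
    }
    return 0;
}

/* Returns 1 = deny, 0 = allow; fails closed when the name cannot be read. */
int parent_denied(const char *status, const char *deny)
{
    char comm[64];
    if (comm_from_status(status, comm, sizeof comm) != 0)
        return 1;
    return name_denied(deny, comm);
}

int main(void)
{
    const char *deny = "# constructed sample\nnamed\nftpd \n";
    printf("named: %d\n", parent_denied("named 312 1 312 312", deny));
    printf("login: %d\n", parent_denied("login 640 1 640 640", deny));
    return 0;
}
```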


