Date: Wed, 18 Aug 1999 19:48:23 -0400 (EDT)
From: Barrett Richardson <barrett@phoenix.aye.net>
To: Mike Tancsa <mike@sentex.net>
Cc: freebsd-security@freebsd.org
Subject: Re: Any work around for this FreeBSD bug/DoS ?
Message-ID: <Pine.BSF.4.01.9908181937100.4210-100000@phoenix.aye.net>
In-Reply-To: <4.1.19990817212048.0526b150@granite.sentex.ca>

On Tue, 17 Aug 1999, Mike Tancsa wrote:

> >I've been using a mechanism that prevents the running of arbitrary
> >executables on my systems. I require a flag bit to be set for an
> >executable to be run -- so if a script kiddie uploads or creates
> >a binary executable it won't run, unless I approve it by setting the
> >flag. At the moment I let shell scripts slide which will leave you
> >vulnerable to perl -- but that could be easily changed.
>
> Interesting concept, but I guess it would get only the dumbest script
> kiddies. Also, more and more exploits seem to be released on perl to make
> them 'cross platform compatible'.
>
> ---Mike

Indeed true, but not a problem. Require scripts to have the flag also,
and hack perl to check for the flag for scripts passed on the command
line. I currently am not implementing it this way, but have it ready to go
into place should it become a problem.

Additionally I put a small hack into ld-elf.so.1 so that everything
gets the same level of trust as a suid executable as far as
LD_LIBRARY_PATH is concerned.

-

Barrett