From owner-freebsd-security  Wed Aug 18 17:22:36 1999
Delivered-To: freebsd-security@freebsd.org
Received: from eunice.vinton.com (eunice-out.vinton.com [204.202.33.15])
	by hub.freebsd.org (Postfix) with ESMTP id E212314C24
	for <freebsd-security@FreeBSD.ORG>; Wed, 18 Aug 1999 17:22:34 -0700 (PDT)
	(envelope-from jrozes+935022158.3658973423@vinton.com)
Received: from molloy.vinton.com (molloy.vinton.com [204.202.33.3])
	by eunice.vinton.com (8.8.8/8.8.7) with ESMTP id RAA07765;
	Wed, 18 Aug 1999 17:22:38 -0700 (PDT)
Received: (from jrozes@localhost)
	by molloy.vinton.com (8.8.8/8.8.8) id RAA00952;
	Wed, 18 Aug 1999 17:22:38 -0700 (PDT)
X-Authentication-Warning: molloy.vinton.com: jrozes set sender to jrozes+935022158.3658973423@vinton.com using -f
Date: Wed, 18 Aug 1999 17:22:36 -0700 (PDT)
From: Jonathan Rozes <jrozes+935022158.3658973423@vinton.com>
Reply-To: Jonathan Rozes <jrozes@vinton.com>
To: Barrett Richardson <barrett@phoenix.aye.net>
Cc: Mike Tancsa <mike@sentex.net>, freebsd-security@FreeBSD.ORG
Subject: Re: Any work around for this FreeBSD bug/DoS  ?
In-Reply-To: <Pine.BSF.4.01.9908181937100.4210-100000@phoenix.aye.net>
Message-ID: <Pine.SGI.3.96.990818170353.837A-100000@molloy.vinton.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 18 Aug 1999, Barrett Richardson wrote:

> Indeed true, but not a problem. Require scripts to have the flag also,
> and hack perl to check for the flag for scripts passed on the command
> line.

That's not enough to 'fix' perl. You'll also need to take away from perl
the ability to use the '-e' switch and the ability to read from stdin. If
you want to be really pedantic, you could also force taint checking for
all scripts, regardless of whether they want it or not.

I started to implement something like this for OpenBSD, using the regular
filesystem immutable flag on binaries, but stopped when I kept thinking of
new ways for a determined attacker to bypass it. In the end, I just
arranged things such that all filesystems with directories writable by
non-root users were mounted noexec.

> Additionally I put a small hack into ld-elf.so.1 so that everything gets
> the same level of trust as a suid executable as far as LD_LIBRARY_PATH
> is concerned.

Why use shared libraries at all on a security-critical system?

Cheers,
jonathan

+++ Jonathan Rozes, System Administrator, Will Vinton Studios





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message