From owner-freebsd-security Mon Dec 28 09:15:55 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA20919 for freebsd-security-outgoing; Mon, 28 Dec 1998 09:15:55 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from mail.vr.IN-Berlin.DE (gnu.in-berlin.de [192.109.42.4]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA20759 for ; Mon, 28 Dec 1998 09:15:36 -0800 (PST) (envelope-from nortobor.nostromo.in-berlin.de!ripley@servicia.in-berlin.de) Received: from uriela.in-berlin.de (IDENT:root@servicia.in-berlin.de [192.109.42.145]) by mail.vr.IN-Berlin.DE (8.9.1a/8.9.1) with ESMTP id SAA26349 for ; Mon, 28 Dec 1998 18:15:15 +0100 (CET) (envelope-from nortobor.nostromo.in-berlin.de!ripley@servicia.in-berlin.de) Received: by uriela.in-berlin.de (Smail-3.2.0.101 1997-Dec-17 #1) id m0zuhLw-000VTEC; Mon, 28 Dec 1998 19:25:16 +0100 (CET) Received: (from ripley@localhost) by nortobor.nostromo.in-berlin.de (8.8.7/8.8.7) id CAA15150 for freebsd-security@FreeBSD.ORG; Mon, 28 Dec 1998 02:49:52 +0100 (CET) (envelope-from ripley) Date: Mon, 28 Dec 1998 02:49:51 +0100 From: "H. Eckert" To: "freebsd-security@FreeBSD.ORG" Subject: Re: Magic Message-ID: <19981228024951.C14858@nortobor.nostromo.in-berlin.de> References: <36855859.5D0BD741@acc.am> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Mailer: Mutt 0.95i In-Reply-To: <36855859.5D0BD741@acc.am>; from Casper on Sun, Dec 27, 1998 at 01:42:49AM +0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Quoting Casper (casper@acc.am): > What about include in some secure level facility to disable read of > any file if it begins with magic by user (may be by any user, > including root) ? It will disable read of these files .... of course > intruder can bruteforce by changing megic of file & looking to > response :) ... but itlll take a lot of time ... This is not as easy as it may sound. Denying read access is done by proper chmod permissions (which are observed by the kernel already). Doing this inside the kernel itself, probably in some generic read() function, is difficult because system calls have to be able to load the code (provided execution permission is granted and this is checked on opening the file, before any of its contents are known). If such a change is broken you may either have a very complicated NOP or you may end up with a system where *everybody* including root during startup is locked out from running programs. Greetings, Ripley -- H. Eckert, 10777 Berlin, Germany, http://www.in-berlin.de/User/nostromo/ ISO 8859-1: Ä=Ae, Ö=Oe, Ü=Ue, ä=ae, ö=oe, ü=ue, ß=sz. "(Technobabbel)" (Jetrel) - "Müssen wir uns diesen Schwachsinn wirklich anhören?" (Neelix) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message