Date: Wed, 18 Aug 1999 22:44:39 -0400 (EDT)
From: Barrett Richardson <barrett@phoenix.aye.net>
To: Jonathan Rozes <jrozes@vinton.com>
Cc: Mike Tancsa <mike@sentex.net>, freebsd-security@FreeBSD.ORG
Subject: Re: Any work around for this FreeBSD bug/DoS ?
Message-ID: <Pine.BSF.4.01.9908182204050.10532-100000@phoenix.aye.net>
In-Reply-To: <Pine.SGI.3.96.990818170353.837A-100000@molloy.vinton.com>

On Wed, 18 Aug 1999, Jonathan Rozes wrote:

> On Wed, 18 Aug 1999, Barrett Richardson wrote:
>
> >
> That's not enough to 'fix' perl. You'll also need to take away from perl
> the ability to use the '-e' switch and the ability to read from stdin. If
> you want to be really pedantic, you could also force taint checking for
> all scripts, regardless of whether they want it or not.

Thanks for the info. This is useful.

>
> I started to implement something like this for OpenBSD, using the regular
> filesystem immutable flag on binaries, but stopped when I kept thinking of
> new ways for a determined attacker to bypass it. In the end, I just

Good point. The motivation for such a scheme is that it foils the
script kiddies that just use *canned* exploits, which in my case
includes *all* of my attackers. If an imperfect model keeps them at bay
even though the model is imperfect, it helps out. Back to the original
argument of the code that was posted, script kiddie wannabes can't run
it on my system unless I approve it (and I don't plan on approving it)
or they have to engineer a means to do the same themselves (not typical
script kiddie behaviour). The script kiddie has to work harder -- which
is the goal of most any security scheme -- decreasing the fruits of
labor for the attacker by increasing their resource expenditure. There
is probably a way to run some arbitrary code with a mmap or function
pointer hook in some software, but script kiddies for the most part
aren't at that skill level yet. True that someday the scheme will be
completely useless (FreeBSD 2.0.5 was once "secure"), but if it can save
me a panic or two (or a breach) in the meantime the time it took to
patch the kernel and set the flag on binaries was well spent. It's kind
of a kludge, but it's not completely useless.

> arranged things such that all filesystems with directories writable by
> non-root users were mounted noexec.
>
> > Additionally I put a small hack into ld-elf.so.1 so that everything gets
> > the same level of trust as a suid executable as far as LD_LIBRARY_PATH
> > is concerned.
>
> Why use shared libraries at all on a security-critical system?

Another good point. The motivation here is when I don't need espionage
level security I get some extra insurance at low cost.

- Barrett

>
> Cheers,
> jonathan
>
> +++ Jonathan Rozes, System Administrator, Will Vinton Studios
>
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
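
Added example, not part of the original message or either poster's own code: a check for the arrangement quoted above, in which every filesystem holding directories writable by non-root users is mounted noexec. The mount listing (written in the style of FreeBSD mount(8) output) and the directory list are constructed samples, and all function names are hypothetical.

```python
import re

# Constructed sample in the style of FreeBSD mount(8) output.
SAMPLE_MOUNT_OUTPUT = """\
/dev/da0s1a on / (ufs, local)
/dev/da0s1e on /tmp (ufs, local, noexec, nosuid)
/dev/da0s1f on /usr (ufs, local)
/dev/da0s1g on /var (ufs, local)
/dev/da0s1h on /home (ufs, local, nosuid)
"""

# Constructed list of directories writable by non-root users; on a live
# system this would come from a find(1) sweep for writable directories.
SAMPLE_WRITABLE_DIRS = ["/tmp", "/var/tmp", "/home/alice",
                        "/usr/local/share/scratch"]

MOUNT_LINE = re.compile(r"^(\S+) on (\S+) \(([^)]*)\)$")

def parse_mounts(text):
    """Return {mount_point: set(options)} from mount-style output."""
    mounts = {}
    for line in text.splitlines():
        m = MOUNT_LINE.match(line.strip())
        if m:
            mounts[m.group(2)] = {o.strip() for o in m.group(3).split(",")}
    return mounts

def owning_mount(path, mounts):
    """Longest mount point that is a path-component prefix of path."""
    best = None
    for mp in mounts:
        # Compare whole components so /tmpfoo is not treated as under /tmp.
        if path == mp or path.startswith(mp.rstrip("/") + "/"):
            if best is None or len(mp) > len(best):
                best = mp
    return best

def exec_allowed_writable(mount_text, writable_dirs):
    """Map each mount point lacking noexec to the writable dirs on it."""
    mounts = parse_mounts(mount_text)
    findings = {}
    for d in writable_dirs:
        mp = owning_mount(d, mounts)
        if mp is not None and "noexec" not in mounts[mp]:
            findings.setdefault(mp, []).append(d)
    return findings

if __name__ == "__main__":
    found = exec_allowed_writable(SAMPLE_MOUNT_OUTPUT, SAMPLE_WRITABLE_DIRS)
    for mp, dirs in sorted(found.items()):
        print(f"{mp}: mounted without noexec, holds {', '.join(dirs)}")
```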