Date:      Tue, 25 Aug 1998 13:11:44 -0500 (CDT)
From:      Joel Ray Holveck <joelh@gnu.org>
To:        rotel@indigo.ie
Cc:        dyson@iquest.net, imp@village.org, dkelly@hiwaay.net, rabtter@aye.net, hackers@FreeBSD.ORG
Subject:   Re: I want to break binary compatibility.
Message-ID:  <199808251811.NAA00561@detlev.UUCP>
In-Reply-To: <199808242136.WAA00657@indigo.ie> (message from Niall Smart on Mon, 24 Aug 1998 22:36:24 +0000)
References:   <199808242136.WAA00657@indigo.ie>

>> Try modifying your system so that one of the flags bits is required to
>> run a program.  It would then require both the flags bit and the executable
>> bit.  Make sure the system cannot allow anyone but root to set the chosen
>> flags bit.  Maybe you could use the immutable flag for this, so that you
>> get theoretical immutability along with the ability to run code.  You
>> might want to relax the restriction for root, but maybe not (depending
>> on how your admin scheme is set up.)
> None of these hacks achieve security.  You, of all people, should
> know better.  The original poster should figure out how they are
> breaking in and close the hole; obfuscation schemes like the above
> are a waste of time.

Actually, Dyson's idea is the only one I've seen so far that is actual
security instead of obfuscation; that is, it is the only suggestion
that makes it (theoretically) impossible for an intruder to generate
(and run) an arbitrary executable.  The others just make the file
difficult to generate, and also require things like custom
cross-compilers.

However, Dyson forgot another modification that must go along with
this: ld.so must also be modified to ignore most environment
variables.  Otherwise, it would be trivial to execute arbitrary bits
of code.

Something in the back of my mind says that there's still one more hole
dealing with mmap, but I can't place it right now.  Then again, I'm
running on four hours of sleep I got in a truck stop parking lot.

Best,
joelh

-- 
Joel Ray Holveck - joelh@gnu.org - http://www.wp.com/piquan
   Fourth law of programming:
   Anything that can go wrong wi
sendmail: segmentation violation - core dumped
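
The two halves of the policy discussed in this message, as an added example that is not part of the original e-mail or of FreeBSD: a userland model of the exec gate (execute bit plus a root-only flag) and of a loader that discards its steering variables. `MODEL_FLAG_EXEC_OK`, `struct model_file`, both function names, and the choice to drop every `LD_*` variable are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical model flag: stands in for the root-only file flag
 * (the message suggests the immutable flag could play this role). */
#define MODEL_FLAG_EXEC_OK 0x1u

/* Constructed model of the file attributes an exec path would consult. */
struct model_file {
    mode_t   mode;   /* permission bits */
    unsigned flags;  /* file flags, settable by root only */
};

/* Exec is allowed only when the file carries BOTH an execute bit and the
 * root-only flag. exempt_root models the optional relaxation for uid 0. */
bool exec_permitted(const struct model_file *f, uid_t uid, bool exempt_root)
{
    if ((f->mode & 0111) == 0)
        return false;                 /* no execute bit at all */
    if (uid == 0 && exempt_root)
        return true;                  /* relaxed rule for root */
    return (f->flags & MODEL_FLAG_EXEC_OK) != 0;
}

/* Loader-side half: remove every LD_* variable in place so the dynamic
 * linker cannot be pointed at unflagged code. Assumption: "LD_" prefix
 * covers the variables to ignore. Returns how many were removed. */
size_t scrub_loader_env(char **envp)
{
    size_t kept = 0, dropped = 0;
    for (size_t i = 0; envp[i] != NULL; i++) {
        if (strncmp(envp[i], "LD_", 3) == 0)
            dropped++;
        else
            envp[kept++] = envp[i];
    }
    envp[kept] = NULL;
    return dropped;
}
```

Without the second function, a flagged binary that honours a preload variable would still map a file that never passed `exec_permitted`.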
