From owner-freebsd-security Tue Feb 4 18:27:57 1997
From: Karl Denninger
Message-Id: <199702050227.UAA09923@Jupiter.Mcs.Net>
Subject: Re: Question: 2.1.7?
To: danny@panda.hilink.com.au (Daniel O'Callaghan)
Date: Tue, 4 Feb 1997 20:27:52 -0600 (CST)
Cc: karl@Mcs.Net, spork@super-g.com, jgreco@solaria.sol.net, security@freebsd.org
In-Reply-To: from "Daniel O'Callaghan" at Feb 5, 97 01:20:21 pm

> On Wed, 5 Feb 1997, I wrote:
>
> > On Tue, 4 Feb 1997, Karl Denninger wrote:
> > > There are static-linked executables which are shipped SUID with most FreeBSD
> > > implementations. THESE MUST BE RECOMPILED ALSO!
> > >
> > > Make very, very sure you don't have any old SUID executables lying around.
> > > If you do, you're vulnerable even with a libc fix.
> >
> > Thanks, I am aware of this. The package will include replacement static
> > suid binaries.
>
> As pointed out later in the discussion, there are also scary thoughts of
> non-suid binaries becoming vulnerable by being run by root at some stage.
> I have no pretensions of completely understanding all of the
> interrelationships amongst cc, libc and the generated programs, (learning
> fast, mind you), so I'd like to concentrate my efforts to the Project on
> a more cosmetic level.
>
> At the basic level, to fix the crt0() problem in 2.1.x, one needs to
> rebuild libc with a new crt0(), and rebuild all statically linked binaries.
> It has been suggested that a 'make world' is needed, replacing all
> binaries, just in case. If I'm going to make security update packages
> for 2.1.0 and 2.1.5/6, I'd like some comments on what needs to be included.
>
> Danny

ASSUMING you know that you haven't been compromised (hah!) already:

1) All static linked executables, SUID or not (SUIDs are obviously far
   more important!)
2) libc.so.*
3) libc.*
4) crt0.o

Anything with SUID enabled MUST be scrutinized for calls to setlocale(), and
if you find them, they must be REMOVED.

Now, the problem is that if you've been penetrated you need to reload
*everything*, since the possibility exists that your OTHER binaries have
been modified.

You *do* keep MD5 checksums around somewhere that they can't be tampered
with (like on offline media), yes? :-)

--
Karl Denninger (karl@MCS.Net)| MCSNet - The Finest Internet Connectivity
http://www.mcs.net/~karl     | T1's from $600 monthly to FULL DS-3 Service
                             | 99 Analog numbers, 77 ISDN, Web servers $75/mo
Voice: [+1 312 803-MCS1 x219]| Email to "info@mcs.net" WWW: http://www.mcs.net/
Fax:   [+1 773 248-9865]     | 2 FULL DS-3 Internet links; 400Mbps B/W Internal
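
Added example, not part of the original message or of FreeBSD: a Python sketch of the two checks the message asks for, finding SUID/SGID executables that are statically linked (so a libc fix does not reach them) and comparing each against a checksum manifest kept on offline media. Assumptions: ELF binaries (the a.out format of the FreeBSD 2.1 era is not parsed), SHA-256 standing in for the MD5 named above, a scan narrowed to SUID/SGID files, and a hypothetical `baseline` dict of path to digest; run it as root so every file is readable.

```python
import hashlib, os, stat, struct

PT_INTERP = 3  # program header type that names the runtime linker

def is_static_elf(path):
    """True: ELF with no PT_INTERP (carries its own libc copy). False: dynamic. None: not ELF."""
    with open(path, "rb") as f:
        hdr = f.read(64)
        if len(hdr) < 52 or hdr[:4] != b"\x7fELF" or (hdr[4] == 2 and len(hdr) < 64):
            return None
        end = "<" if hdr[5] == 1 else ">"   # EI_DATA: 1 = little endian
        if hdr[4] == 2:   # ELF64: e_phoff at 32, e_phentsize/e_phnum at 54
            phoff, = struct.unpack_from(end + "Q", hdr, 32)
            phentsize, phnum = struct.unpack_from(end + "HH", hdr, 54)
        else:             # ELF32: e_phoff at 28, e_phentsize/e_phnum at 42
            phoff, = struct.unpack_from(end + "I", hdr, 28)
            phentsize, phnum = struct.unpack_from(end + "HH", hdr, 42)
        for i in range(phnum):
            f.seek(phoff + i * phentsize)
            p_type = f.read(4)
            if len(p_type) == 4 and struct.unpack(end + "I", p_type)[0] == PT_INTERP:
                return False
    return True

def sha256_file(path):
    """Hex SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def audit(root, baseline):
    """baseline maps path -> SHA-256 hex, loaded from a manifest kept on offline media.
    Returns sorted (path, finding) pairs for every SUID/SGID regular file under root."""
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if not (stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID)):
                continue
            if path not in baseline:
                findings.append((path, "not-in-baseline"))
            elif baseline[path] != sha256_file(path):
                findings.append((path, "hash-mismatch"))
            if is_static_elf(path):
                findings.append((path, "static-needs-rebuild"))
    return sorted(findings)
```

The manifest and the interpreter used to check it both need to come from media the running system cannot write to, otherwise a modified binary and a modified manifest will agree with each other.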