Date: Wed, 5 Feb 1997 17:27:38 +0100 (MET)
From: Guido.vanRooij@nl.cis.philips.com (Guido van Rooij)
To: jkh@time.cdrom.com (Jordan K. Hubbard)
Cc: Guido.vanRooij@nl.cis.philips.com, jgreco@solaria.sol.net, joerg_wunsch@uriah.heep.sax.de, core@freebsd.org, security@freebsd.org, jkh@freebsd.org
Subject: Re: 2.1.6+++: crt0.c CRITICAL CHANGE
Message-ID: <199702051627.RAA05885@bsd.lss.cp.philips.com>
In-Reply-To: <19372.855159786@time.cdrom.com> from "Jordan K. Hubbard" at "Feb 5, 97 08:23:06 am"

Jordan K. Hubbard wrote:
> > It does work. I tested it on a live system. However, as stated earlier,
> > it should check for immutable and append only flags and react accordingly.
>
> OK. Is anyone making those changes? :-)
>
> I should note that this kind of solution is kinda scary in that we'll
> have to document the heck out of it before we can ever unleash it on
> the general public without getting back a flood of "Augh! I nuked my
> system! Nothing runs now!!" reports. Is there enough commitment
> here for making it into that kind of solution? ;)

It is in fact a simple system. It checks at the exact locations in the
binary and checks every byte that is constant. See the source. If it isn't
somehow recognised, it will skip it (like e.g. shell scripts).
But I agree it should be reviewed by a *lot* of ppl. Especially Bruce ;-)

I'll try to see if I can make the cgflags(2) stuff later today.

Further, perhaps we should make an lfix for different versions of the OS
as well (I'm not sure if the program can be applied to 2.0.5 e.g.)

-Guido