From owner-freebsd-security Wed Feb 5 08:33:44 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id IAA12077 for security-outgoing; Wed, 5 Feb 1997 08:33:44 -0800 (PST) Received: from gw-nl1.philips.com (gw-nl1.philips.com [192.68.44.33]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id IAA11307; Wed, 5 Feb 1997 08:32:23 -0800 (PST) Received: (from nobody@localhost) by gw-nl1.philips.com (8.6.10/8.6.10-0.994n-08Nov95) id RAA02619; Wed, 5 Feb 1997 17:28:25 +0100 Received: from unknown(130.139.36.3) by gw-nl1.philips.com via smap (V1.3+ESMTP) with ESMTP id sma002450; Wed Feb 5 17:27:40 1997 Received: from bsd.lss.cp.philips.com (bsd.lss.cp.philips.com [130.144.199.33]) by smtprelay.nl.cis.philips.com (8.6.10/8.6.10-1.2.1m-970131) with SMTP id RAA11844; Wed, 5 Feb 1997 17:27:38 +0100 Received: by bsd.lss.cp.philips.com (8.8.3/1.63) id RAA05885; Wed, 5 Feb 1997 17:27:38 +0100 (MET) From: Guido.vanRooij@nl.cis.philips.com (Guido van Rooij) Message-Id: <199702051627.RAA05885@bsd.lss.cp.philips.com> Subject: Re: 2.1.6+++: crt0.c CRITICAL CHANGE To: jkh@time.cdrom.com (Jordan K. Hubbard) Date: Wed, 5 Feb 1997 17:27:38 +0100 (MET) Cc: Guido.vanRooij@nl.cis.philips.com, jgreco@solaria.sol.net, joerg_wunsch@uriah.heep.sax.de, core@freebsd.org, security@freebsd.org, jkh@freebsd.org In-Reply-To: <19372.855159786@time.cdrom.com> from "Jordan K. Hubbard" at "Feb 5, 97 08:23:06 am" X-Mailer: ELM [version 2.4ME+ PL22 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Jordan K. Hubbard wrote: > > It does work. I tested it on a life system. However, as stated earlier, > > it should check for immutable and append only flags and react accordingly. > > OK. Is anyone making those changes? :-) > > I should note that this kind of solution is kinda scarey in that we'll > have to document the heck out of it before we can ever unleash it on > the general public without getting back a flood of "Augh! I nuked my > system! Nothing runs now!!" reports. Is there enough committment > here for making it into that kind of solution? ;) It is in fact a simple system. It checks at the exact locations in the binary and checks every byte that is constant. See the source. If it isn't somehow recognised, it will skip it (like e.g. shell scripts). But I agree it should be reviewed by a *lot* of ppl. Especially Bruce ;-) I'll try to see if I can make the cgflags(2) stuff later today. Further, perhaps we should make an lfix for different versions of the OS as well (I'm not sure if the program can be applied to 2.0.5 e.g.) -Guido