From owner-freebsd-security  Thu Aug 27 19:22:44 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id TAA27819
          for freebsd-security-outgoing; Thu, 27 Aug 1998 19:22:44 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from banshee.cs.uow.edu.au (banshee.cs.uow.edu.au [130.130.188.1])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id TAA27743
          for <freebsd-security@FreeBSD.ORG>; Thu, 27 Aug 1998 19:22:23 -0700 (PDT)
          (envelope-from ncb05@banshee.cs.uow.edu.au)
Received: (from ncb05@localhost)
	by banshee.cs.uow.edu.au (8.9.1/8.9.1) id MAA12967;
	Fri, 28 Aug 1998 12:21:19 +1000 (EST)
Date: Fri, 28 Aug 1998 12:21:19 +1000 (EST)
From: Nicholas Charles Brawn <ncb05@uow.edu.au>
X-Sender: ncb05@banshee.cs.uow.edu.au
To: Niall Smart <rotel@indigo.ie>
cc: freebsd-security@FreeBSD.ORG
Subject: Re: trusted path execution patch
In-Reply-To: <199808271937.UAA01055@indigo.ie>
Message-ID: <Pine.SOL.4.02A.9808281217420.11697-100000@banshee.cs.uow.edu.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 27 Aug 1998, Niall Smart wrote:

> On Aug 26,  2:32am, Nicholas Charles Brawn wrote:
> } Subject: trusted path execution patch
> 
> > For those not familiar with route's patch (Phrack 52, article 6), it
> > limits the execution of binaries to those in directories designated as
> > "trusted". That being (in this case), those that aren't writable by
> > group or other, and are owned by either root, bin, or have the gid of a
> > "trusted" group.
> 
> So are you going to audit all those utilities in the trusted path
> for buffer overflows?
> 
> Niall
> 
> -- 
> Niall Smart, rotel@indigo.ie.
> Amaze your friends and annoy your enemies:
> echo '#define if(x) if (!(x))' >> /usr/include/stdio.h
> 

Hahah. Well, that's another problem that was pointed out. I'm working on
an idea that has been tossed around before to prevent buffer overflows.
And no, i'm not suggesting we recompile everything with stackguard. :)

Nick

--
Email: ncb05@uow.edu.au - http://rabble.uow.edu.au/~nick 
Key fingerprint =  DE 30 33 D3 16 91 C8 8D  A7 F8 70 03 B7 77 1A 2A
"When in doubt, ask someone wiser than yourself..." -unknown


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message