Date: Mon, 18 Nov 1996 09:16:35 -0800
From: Don Lewis <Don.Lewis@tsc.tdk.com>
To: Bill Fenner <fenner@parc.xerox.com>, Don Lewis <Don.Lewis@tsc.tdk.com>
Cc: chat@freebsd.org, security@freebsd.org
Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2).
Message-ID: <199611181716.JAA15646@salsa.gv.ssi1.com>
In-Reply-To: Bill Fenner <fenner@parc.xerox.com> "Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2)." (Nov 18, 8:42am)

On Nov 18, 8:42am, Bill Fenner wrote:
} Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2).
} In message <199611180918.BAA15007@salsa.gv.ssi1.com> you write:
} >I don't need a compiler, and I don't want to make
} >it any easier than necessary for some cracker d00d to compile his r00t
} >kit.
}
} If you want to save space, that's fine, but don't delude yourself by thinking
} that your cracker d00d can't just go find someone on IRC with a FreeBSD box
} who will send him binaries.

I'm not counting on gaining much security that way, but my philosophy is
to remove everything that isn't absolutely needed. What isn't present
can't be used against me. I do consider the importation of any files to
be a security breach.

I just thought of a totally wicked way of guarding against imported
binaries, though. Just randomize the syscall numbers when building the
kernel and userland binaries. For best effect, the userland binaries
should be statically linked and the shared libraries removed. As long as
the kernel can withstand crashme, it should be fine ;-) Too bad it looks
like such a pain to do this :-(

Another possibility would be to digitally sign all the binaries and hack
the kernel to only run binaries with the proper signature.

--- Truck