Date: Wed, 26 Aug 1998 11:35:27 +1000 (EST) From: Nicholas Charles Brawn <ncb05@uow.edu.au> To: Joel Ray Holveck <joelh@gnu.org> Cc: rotel@indigo.ie, dyson@iquest.net, imp@village.org, dkelly@hiwaay.net, rabtter@aye.net, hackers@FreeBSD.ORG Subject: Re: I want to break binary compatibility. Message-ID: <Pine.SOL.4.02A.9808261128450.15655-100000@banshee.cs.uow.edu.au> In-Reply-To: <199808251811.NAA00561@detlev.UUCP>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 25 Aug 1998, Joel Ray Holveck wrote: > Actually, Dyson's idea is the only one I've seen so far that is actual > security instead of obfuscation; that is, it is the only suggestion > that makes it (theoretically) impossible for an intruder to generate > (and run) an arbitrary executable. The others just make the file > difficult to generate, and also require things like custom > cross-compilers. > > However, Dyson forgot another modification that must go along with > this: ld.so must also be modified to ignore most environment > variables. Otherwise, it would be trivial to execute arbitrary bits > of code. > > Something in the back of my mind says that there's still one more hole > dealing with mmap, but I can't place it right now. Then again, I'm > running on four hours of sleep I got in a truck stop parking lot. > > Best, > joelh > If any of you who are involved in this thread aren't subscribed to freebsd-security (why not? *smack*), I've put together something that prevents arbitrary execution of binaries. In effect it's two patches, one for kern_exec.c that disallows execution of binaries given certain conditions, and a hack for rtld.c, that simply skips over grabbing certain environment variables if the user has been disallowed access. The kernel patch is modifiable via sysctl, and the rtld.c hack is via /etc/ld.access (same format as login.access(5)). The url is http://rabble.uow.edu.au/~nick/security/tpe.html Nick -- Email: ncb05@uow.edu.au - http://rabble.uow.edu.au/~nick Key fingerprint = DE 30 33 D3 16 91 C8 8D A7 F8 70 03 B7 77 1A 2A "When in doubt, ask someone wiser than yourself..." -unknown To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SOL.4.02A.9808261128450.15655-100000>