Date: Mon, 18 Nov 1996 20:17:37 +0200
From: Mark Murray <mark@grondar.za>
To: Don Lewis <Don.Lewis@tsc.tdk.com>
Cc: Bill Fenner <fenner@parc.xerox.com>, chat@freebsd.org, security@freebsd.org
Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2).
Message-ID: <199611181817.UAA12284@grackle.grondar.za>

Don Lewis wrote:
> I'm not counting on gaining much security that way, but my philosophy
> is to remove everything that isn't absolutely needed. What isn't present
> can't be used against me. I do consider the importation of any files
> to be a security breach.
>
> I just thought of a totally wicked way of guarding against imported binaries,
> though. Just randomize the syscall numbers when building the kernel and
> userland binaries. For best effect, the userland binaries should be
> statically linked and the shared libraries removed. As long as the kernel
> can withstand crashme, it should be fine ;-) Too bad it looks like such
> a pain to do this :-(

Much easier is to put the users onto a volume that is mounted -noexec.
This works for compiled binaries, not scripts.

M
--
Mark Murray                PGP key fingerprint = 80 36 6E 40 83 D6 8A 36
This .sig is umop ap!sdn.                        BC 06 EA 0E 7A F2 CE CE
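
The noexec suggestion in the reply above only helps if the user-writable directories really are separate filesystems carrying that option. The following is an added example, not part of the original message: a shell audit of fstab-format text, where the function names, the sample fstab and the list of mount points are all constructed assumptions.

```shell
#!/bin/sh
# Added example: audit fstab-format text for user-writable mount points
# that are not mounted noexec. Names and sample data are constructed.

# audit_noexec MOUNTPOINT... < fstab
# Prints "<mountpoint> <status>" per argument, where status is
#   ok        separate filesystem with noexec set
#   exec      separate filesystem, noexec missing
#   no-entry  no fstab line (directory lives on a parent filesystem,
#             so it inherits that filesystem's options)
audit_noexec() {
    awk -v want="$*" '
        BEGIN { n = split(want, targets, " ") }
        /^[ \t]*#/ || NF < 4 { next }   # skip comments, blank and short lines
        { opts[$2] = $4 }               # field 2: mount point, field 4: options
        END {
            for (i = 1; i <= n; i++) {
                mp = targets[i]
                if (!(mp in opts)) { print mp, "no-entry"; continue }
                status = "exec"
                m = split(opts[mp], o, ",")
                # Exact match on the option name, not a substring search.
                for (j = 1; j <= m; j++) if (o[j] == "noexec") status = "ok"
                print mp, status
            }
        }
    '
}

# Constructed sample fstab (not taken from the original message).
sample_fstab() {
    cat <<'EOF'
# Device      Mountpoint  FStype  Options            Dump  Pass
/dev/sd0a     /           ufs     rw                 1     1
/dev/sd0e     /usr        ufs     rw                 2     2
/dev/sd0f     /home       ufs     rw,noexec,nosuid   2     2
/dev/sd0g     /tmp        ufs     rw,nosuid          2     2
EOF
}

sample_fstab | audit_noexec /home /tmp /var/tmp
```

An `ok` result covers direct execution of compiled binaries only; as the message says, scripts handed to an interpreter that lives on another volume are not stopped by noexec.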