From owner-freebsd-security Mon Nov 18 10:18:50 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id KAA02328 for security-outgoing; Mon, 18 Nov 1996 10:18:50 -0800 (PST)
Received: from grackle.grondar.za (grackle.grondar.za [196.7.18.131]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id KAA02318; Mon, 18 Nov 1996 10:18:46 -0800 (PST)
Received: from grackle.grondar.za (localhost.grondar.za [127.0.0.1]) by grackle.grondar.za (8.8.2/8.7.3) with ESMTP id UAA12284; Mon, 18 Nov 1996 20:17:38 +0200 (SAT)
Message-Id: <199611181817.UAA12284@grackle.grondar.za>
To: Don Lewis
cc: Bill Fenner, chat@freebsd.org, security@freebsd.org
Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2).
Date: Mon, 18 Nov 1996 20:17:37 +0200
From: Mark Murray
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Don Lewis wrote:
> I'm not counting on gaining much security that way, but my philosophy
> is to remove everything that isn't absolutely needed. What isn't present
> can't be used against me. I do consider the importation of any files
> to be a security breach.
>
> I just thought of a totally wicked way of guarding against imported binaries,
> though. Just randomize the syscall numbers when building the kernel and
> userland binaries. For best effect, the userland binaries should be
> statically linked and the shared libraries removed. As long as the kernel
> can withstand crashme, it should be fine ;-) Too bad it looks like such
> a pain to do this :-(

Much easier is to put the users onto a volume that is mounted -noexec.
This works for compiled binaries, not scripts.

M
--
Mark Murray
PGP key fingerprint = 80 36 6E 40 83 D6 8A 36  BC 06 EA 0E 7A F2 CE CE
This .sig is umop ap!sdn.
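The noexec suggestion above is worth turning into a routine check, because the option is only useful if every filesystem a user can write to actually carries it, and because of the caveat Mark states: noexec stops the kernel from exec'ing a binary stored on that filesystem, but an interpreter such as sh or perl opens the script as an ordinary data file and runs it anyway. The following shell script is an added example, not code from the original message or from FreeBSD; the fstab content, the list of user-writable mountpoints and the function names are all assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original message): audit fstab-style entries
# for user-writable mountpoints that lack noexec, and demonstrate why noexec
# does not stop interpreted scripts.

# Constructed /etc/fstab sample for the example; not taken from any real host.
SAMPLE_FSTAB='# Device        Mountpoint  FStype  Options                 Dump Pass
/dev/da0s1a     /           ufs     rw                      1    1
/dev/da0s1d     /usr        ufs     rw                      2    2
/dev/da0s1e     /home       ufs     rw,nosuid               2    2
/dev/da0s1f     /tmp        ufs     rw,noexec,nosuid        2    2
/dev/da0s1g     /var        ufs     rw                      2    2'

# Mountpoints that ordinary users can write to (assumption for the example).
USER_WRITABLE="/home /tmp /var/tmp"

# Print the mount options of a mountpoint's fstab entry; nothing if it has no
# entry of its own (it then lives on the parent filesystem's options).
fstab_opts() {
    printf '%s\n' "$SAMPLE_FSTAB" |
        awk -v mp="$1" '$1 !~ /^#/ && $2 == mp { print $4 }'
}

# Return 0 if the mountpoint's entry carries noexec, 1 otherwise.
is_noexec() {
    case ",$(fstab_opts "$1")," in
        *,noexec,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Print every user-writable mountpoint that is not mounted noexec.
# A mountpoint without its own entry is reported as well, since it does not
# get noexec unless the parent filesystem has it.
audit_noexec() {
    for mp in $USER_WRITABLE; do
        is_noexec "$mp" || printf '%s\n' "$mp"
    done
}

# Live demonstration of the caveat. Runs only as root, on a host with
# mount(8) and tmpfs: a copied binary on a noexec filesystem fails to exec,
# direct execution of a script there fails too, but "sh script" still runs
# it because the interpreter merely reads the file.
demo_noexec_caveat() {
    [ "$(id -u)" -eq 0 ] || { echo "demo skipped: needs root"; return 0; }
    d=$(mktemp -d) || return 1
    mount -t tmpfs -o noexec tmpfs "$d" || { rmdir "$d"; return 1; }
    cp /bin/sh "$d/sh.copy"
    printf '#!/bin/sh\necho "script ran via interpreter"\n' > "$d/s.sh"
    chmod 755 "$d/sh.copy" "$d/s.sh"
    if "$d/sh.copy" -c true 2>/dev/null; then
        echo "binary ran: noexec is NOT enforced here"
    else
        echo "binary blocked by noexec"
    fi
    "$d/s.sh" 2>/dev/null || echo "direct script exec blocked by noexec"
    sh "$d/s.sh"          # still runs: the file is only read, not exec'd
    umount "$d"
    rmdir "$d"
}

# Report user-writable mountpoints that are missing noexec.
audit_noexec
```

Against the sample table the audit reports /home (rw,nosuid but no noexec) and /var/tmp (no entry of its own, so it inherits /var's plain rw). Run demo_noexec_caveat as root on a scratch machine to watch the binary fail and "sh s.sh" succeed, which is exactly the "not scripts" limitation in the message; noexec on user volumes is a useful layer against dropped binaries, not a control on what a user with a shell can run.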