Date:      Sun, 19 Apr 1998 18:14:42 +0000
From:      Niall Smart <rotel@indigo.ie>
To:        Open Systems Networking <opsys@mail.webspan.net>, "Jordyn A. Buchanan" <jordyn@bestweb.net>
Cc:        Marc Slemko <marcs@znep.com>, Niall Smart <rotel@indigo.ie>, freebsd-security@FreeBSD.ORG
Subject:   Re: suid/sgid programs
Message-ID:  <199804191714.SAA00862@indigo.ie>
In-Reply-To: Open Systems Networking <opsys@mail.webspan.net> "Re: suid/sgid programs" (Apr 19, 12:53pm)

On Apr 19, 12:53pm, Open Systems Networking wrote:
} Subject: Re: suid/sgid programs
> 
> True C2 rating won't fix everything
> but it sure makes it a hell of a lot harder for ankle biters to exploit.
> I would REALLY love to see a C2 FreeBSD project. Now THAT would be a
> killer selling point

This is a rather silly point, the C2 security standard says nothing
about checking buffer sizes in setuid programs or about having non
executable stacks.  FreeBSD could probably be made C2 secure quite
easily,  it's probably more a matter of cost of certification than
potential.

I think we would need to add the facility for more detailed auditing
and logging and perhaps we would need an ACL FS.

Wang Corporation market an OS which uses the Intel 80386's protection
domains to provide UNIX emulation while still using the system's
underlying mandatory access controls.  I don't know much of the
technical nitty gritty,  they might have more information on their
web site.

I've seen a B2 OS based on Solaris get rooted through a gethostbyname()
exploit, so don't hold too much stead by these security classifications.
:)

Niall

-- 
Niall Smart.        PGP: finger njs3@motmot.doc.ic.ac.uk
FreeBSD: Turning PC's into Workstations: www.freebsd.org
Annoy your enemies and astonish your friends:
echo "#define if(x) if (!(x))" >> /usr/include/stdio.h
