Date: Sun, 15 Dec 1996 07:44:16 +1100 (EST) From: proff@suburbia.net To: steve@edmweb.com (Steve Reid) Cc: hackers@freebsd.org, security@freebsd.org Subject: Re: questions... Message-ID: <19961214204416.972.qmail@suburbia.net> In-Reply-To: <Pine.BSF.3.91.961214120135.193A-100000@bitbucket.edmweb.com> from Steve Reid at "Dec 14, 96 12:18:21 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> Only worry about files that are suid or sgid. Other binaries can't do > anything that the user can't do. Removing the execute bit from > non-suid/sgid binaries won't add any to security- a malicious user can > create any non-suid/sgid file him/her self. Even if you remove gcc, the > user could still FTP the files from ftp.cdrom.com. Removing FTP won't help > either- clever use of redirection can allow a user to transfer whatever > files they want over their own tty. /dev/wd0a on / (asynchronous, local, noatime) procfs on /proc (local, nodev, noexec, nosuid) mfs:24 on /tmp (asynchronous, local, noatime, nodev, noexec, nosuid) /dev/wd0s1f on /usr (asynchronous, local, noatime, nodev) /dev/wd0s1e on /var (asynchronous, local, noatime, nodev, noexec, nosuid) /dev/wd2s1e on /usr/local/var (asynchronous, local, nodev, noexec, nosuid) /dev/wd3s1e on /home (asynchronous, local, nodev, noexec, nosuid) /dev/sd0s1e on /data (asynchronous, local, nodev, noexec, nosuid) /data/ftp/pub on /usr/local/ftp/pub (local, nodev, noexec, nosuid) /dev/matcd0a on /usr/local/ftp/mnt/cd0 (local, nodev, noexec, nosuid, read-only) ../sbin-sec is root, mode 700 there are no writable directories on / or /usr Note that you will also need to modify ld.so to prevent dynamic binding using env variables. Unfortunately this isn't a total cure, because there are 1001 stack overflows in NON-suid programs. total 10676 -r-xr-xr-x 1 bin bin 57344 Dec 12 17:21 adjkerntz -r-xr-xr-x 1 bin bin 40960 Dec 12 17:21 badsect lrwxr-xr-x 1 bin bin 21 Dec 12 17:22 ccdconfig -> ../sbin-sec/ccdconfig -r-xr-xr-x 1 bin bin 40960 Dec 12 17:21 clri -r-xr-xr-x 1 bin bin 36864 Dec 12 17:21 comcontrol -r-xr-xr-x 1 bin bin 110592 Dec 12 17:21 disklabel lrwxr-xr-x 1 bin bin 17 Dec 12 17:22 dmesg -> ../sbin-sec/dmesg -r-xr-xr-x 1 bin bin 90112 Dec 12 17:21 dset lrwxr-xr-x 1 bin bin 16 Dec 12 17:22 dump -> ../sbin-sec/dump -r-xr-xr-x 1 bin bin 61440 Dec 12 17:21 dumpfs -r-xr-xr-x 1 bin bin 57344 Dec 12 17:21 dumplfs -r-xr-xr-x 1 bin bin 40960 Dec 12 17:21 dumpon -r-xr-xr-x 4 bin bin 167936 Dec 12 17:22 fastboot -r-xr-xr-x 4 bin bin 167936 Dec 12 17:22 fasthalt -r-xr-xr-x 1 bin bin 53248 Dec 12 17:21 fdisk -r-xr-xr-x 1 bin bin 180224 Dec 12 17:21 fsck -r-xr-xr-x 1 bin bin 270336 Dec 12 17:21 fsdb -r-xr-xr-x 1 bin bin 57344 Dec 12 17:21 ft -r-xr-xr-x 4 bin bin 167936 Dec 12 17:22 halt -r-xr-x--- 1 bin staff 131072 Dec 12 17:21 ifconfig -r-x------ 1 bin bin 184320 Nov 23 17:53 init -r-xr-xr-x 1 bin bin 122880 Dec 12 17:21 ipfw -r-xr-xr-x 1 bin bin 45056 Dec 12 17:21 ldconfig -r-xr-xr-x 1 bin bin 40960 Dec 12 17:21 md5 -r-xr-xr-x 1 bin bin 36864 Dec 12 17:21 mknod -r-xr-xr-x 1 bin bin 45056 Dec 12 17:21 modload -r-xr-xr-x 1 bin bin 40960 Dec 12 17:21 modunload -r-xr-xr-x 1 bin bin 69632 Dec 12 17:21 mount -r-xr-xr-x 1 bin bin 49152 Dec 12 17:21 mount_cd9660 -r-xr-xr-x 5 bin bin 49152 Dec 12 17:21 mount_devfs -r-xr-xr-x 1 bin bin 49152 Dec 12 17:21 mount_ext2fs -r-xr-xr-x 5 bin bin 49152 Dec 12 17:21 mount_fdesc -r-xr-xr-x 5 bin bin 49152 Dec 12 17:21 mount_kernfs -r-xr-xr-x 1 bin bin 49152 Dec 12 17:21 mount_lfs -r-xr-xr-x 2 bin bin 122880 Dec 12 17:21 mount_mfs lrwxr-xr-x 1 bin bin 23 Dec 12 17:22 mount_msdos -> ../sbin-sec/mount_msdos -r-xr-xr-x 1 bin bin 122880 Dec 12 17:21 mount_nfs -r-xr-xr-x 1 bin bin 53248 Dec 12 17:21 mount_null -r-xr-xr-x 1 bin bin 204800 Dec 12 17:21 mount_portal -r-xr-xr-x 5 bin bin 49152 Dec 12 17:21 mount_procfs -r-xr-xr-x 5 bin bin 49152 Dec 12 17:21 mount_std -r-xr-xr-x 1 bin bin 57344 Dec 12 17:21 mount_umap -r-xr-xr-x 1 bin bin 53248 Dec 12 17:21 mount_union -r-xr-xr-x 1 bin bin 200704 Dec 12 17:21 mountd -r-xr-xr-x 2 bin bin 122880 Dec 12 17:21 newfs -r-xr-xr-x 1 bin bin 98304 Dec 12 17:21 newlfs -r-xr-xr-x 1 bin bin 40960 Dec 12 17:21 nextboot -r-xr-xr-x 1 bin bin 69632 Dec 12 17:21 nfsd -r-xr-xr-x 1 bin bin 61440 Dec 12 17:21 nfsiod -r-xr-xr-x 1 bin bin 1907 Dec 12 17:21 nologin -r-sr-xr-x 1 root bin 122880 Dec 12 17:21 ping -r-xr-xr-x 1 bin bin 139264 Dec 12 17:21 quotacheck -r-xr-xr-x 1 root bin 118784 Dec 12 17:21 rdisc lrwxr-xr-x 1 bin bin 17 Dec 12 17:22 rdump -> ../sbin-sec/rdump -r-xr-xr-x 4 bin bin 167936 Dec 12 17:22 reboot lrwxr-xr-x 1 bin bin 19 Dec 12 17:22 restore -> ../sbin-sec/restore lrwxr-xr-x 1 bin bin 17 Dec 12 17:22 route -> ../sbin-sec/route -r-x------ 1 root bin 180224 Dec 12 17:22 routed lrwxr-xr-x 1 bin bin 20 Dec 12 17:22 rrestore -> ../sbin-sec/rrestore -r-x------ 1 root bin 122880 Dec 12 17:22 rtquery -r-xr-xr-x 1 bin bin 69632 Dec 12 17:22 savecore -r-xr-xr-x 1 bin bin 65536 Dec 12 17:22 scsi -r-xr-xr-x 1 bin bin 3306 Dec 12 17:22 scsiformat lrwxr-xr-x 1 bin bin 20 Dec 12 17:22 shutdown -> ../sbin-sec/shutdown -r-xr-xr-x 1 bin bin 61440 Dec 12 17:22 slattach lrwxr-xr-x 1 bin bin 21 Dec 12 17:22 sliplogin -> ../sbin-sec/sliplogin -r-xr-xr-x 1 bin bin 69632 Dec 12 17:22 startslip -r-xr-xr-x 1 bin bin 49152 Dec 12 17:22 swapon -r-xr-xr-x 1 bin bin 45056 Dec 12 17:22 tunefs -r-xr-xr-x 1 bin bin 122880 Dec 12 17:22 umount -Julian A. (proff@suburbia.net)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19961214204416.972.qmail>