Date: 24 Dec 1998 22:45:12 +0100 From: Dag-Erling Smorgrav <des@flood.ping.uio.no> To: Casper <casper@acc.am> Cc: "freebsd-security@FreeBSD.ORG" <freebsd-security@FreeBSD.ORG> Subject: Re: Magic Message-ID: <xzppv99xlhz.fsf@flood.ping.uio.no> In-Reply-To: Casper's message of "Fri, 25 Dec 1998 00:38:52 %2B0400" References: <3682A65B.8CFB144F@acc.am>
next in thread | previous in thread | raw e-mail | index | archive | help
Casper <casper@acc.am> writes: > Did anyone tried to cjange loader's MAGIK in the exec's header and > recompile system ... I think it'll disallow to upload some > executable and run it on target system ...... > So if you have recompiled system , chrooting all your network > services - from telnetd till httpd, ftpd & etc. , dont place > compiler, mknod in chrooted dirs and disallow reading of executable > files ..only --x , how intruder can break this protection ? If there is any way at all an intruder can chmod an executable - *any* executable - and examine it, it will be trivial for him to spot the changed magic and create executables of his own with the correct magic. If there's no way an intruder can chmod anything, what are you worried about? He'll never be able to add execute permission to an exectuable he might have uploaded. Search the archives - there was a thread two or three months back about randomizing syscall numbers to make it hard for intruders to execute foreign executables. DES -- Dag-Erling Smorgrav - des@flood.ping.uio.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzppv99xlhz.fsf>