From owner-freebsd-security Thu Dec 24 13:48:23 1998
Return-Path:
Received: (from majordom@localhost)
	by hub.freebsd.org (8.8.8/8.8.8) id NAA24704
	for freebsd-security-outgoing; Thu, 24 Dec 1998 13:48:23 -0800 (PST)
	(envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
	by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA24699
	for ; Thu, 24 Dec 1998 13:48:22 -0800 (PST)
	(envelope-from des@flood.ping.uio.no)
Received: (from des@localhost)
	by flood.ping.uio.no (8.9.1/8.9.1) id WAA76344;
	Thu, 24 Dec 1998 22:45:13 +0100 (CET)
	(envelope-from des)
To: Casper
Cc: "freebsd-security@FreeBSD.ORG"
Subject: Re: Magic
References: <3682A65B.8CFB144F@acc.am>
From: Dag-Erling Smorgrav
Date: 24 Dec 1998 22:45:12 +0100
In-Reply-To: Casper's message of "Fri, 25 Dec 1998 00:38:52 +0400"
Message-ID:
Lines: 23
X-Mailer: Gnus v5.5/Emacs 19.34
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Casper writes:
> Did anyone try to change loader's MAGIK in the exec's header and
> recompile system ... I think it'll disallow to upload some
> executable and run it on target system ......
> So if you have recompiled system, chrooting all your network
> services - from telnetd till httpd, ftpd & etc., don't place
> compiler, mknod in chrooted dirs and disallow reading of executable
> files ..only --x, how intruder can break this protection ?

If there is any way at all an intruder can chmod an executable -
*any* executable - and examine it, it will be trivial for him to spot
the changed magic and create executables of his own with the correct
magic.

If there's no way an intruder can chmod anything, what are you worried
about? He'll never be able to add execute permission to an executable
he might have uploaded.

Search the archives - there was a thread two or three months back
about randomizing syscall numbers to make it hard for intruders to
execute foreign executables.

DES
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no