From owner-freebsd-security Thu Dec 16 11:18:15 1999
Delivered-To: freebsd-security@freebsd.org
Received: from anarcat.dyndns.org (phobos.IRO.UMontreal.CA [132.204.20.20]) by hub.freebsd.org (Postfix) with ESMTP id C3E041513C for ; Thu, 16 Dec 1999 11:18:06 -0800 (PST) (envelope-from spidey@anarcat.dyndns.org)
Received: by anarcat.dyndns.org (Postfix, from userid 1000) id C2D131B71; Thu, 16 Dec 1999 14:18:21 -0500 (EST)
From: Spidey
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Message-ID: <14425.15098.737556.573749@anarcat.dyndns.org>
Date: Thu, 16 Dec 1999 14:18:18 -0500 (EST)
To: Robert Watson
Cc: Warner Losh , Chris England , freebsd-security@FreeBSD.ORG
Subject: Re: From BugTraq - FreeBSD 3.3 xsoldier root exploit (fwd)
References: <14425.12637.308602.637788@anarcat.dyndns.org>
X-Mailer: VM 6.72 under 21.1 (patch 7) "Biscayne" XEmacs Lucid
Reply-To: Spidey
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I really think that this would be a _great_ improvement. I would be ready to donate time to this. :)) Should I start patching? :)

--- Big Brother told Robert Watson to write, at 13:56 of December 16:
> On Thu, 16 Dec 1999, Spidey wrote:
> 
> > Yes. Since I've been looking at setuid's on FBSD, my primary concern's
> > been with the ports. I wished there could be some way to have a
> > variable in the Makefiles that say "NOSETUID=YES". :))
> > 
> > We should make a definite list of all the setuid's in the whole port
> > tree. Maybe the port maintainers can give a hand?
> > 
> > Darn.. déjà vu...
> 
> Yup, it's déjà vu all over again. If you want a heavy-handed security
> approach, here's how you do it. Define two new Makefile ports variables:
> 
> HAS_MISC_SET_ID= {yes,no}
> HAS_ROOT_SETUID= {yes,no}
> 
> Starting today, warn all ports maintainers that their ports must (ideally
> correctly) define these variables for all of their ports. In two weeks,
> any port that doesn't define both variables is marked as broken. After
> one week, we introduce a check in the package building procedure that
> checks for any setuid or setgid binaries in the installed version. If the
> variable value reported is wrong, the port is marked as broken.
> 
> We then have an effective and mandated list of ports making use of set?id
> binaries. Each one of these ports undergoes a security view by the
> auditing team--not to fix bugs, just to identify whether the source code
> is prone to bugs (extensive use of string functions in unsafe ways, etc)
> -- a twenty minute thing. If it's found to be unsafe, the port is marked
> as unsafe, meaning that packages are not autobuilt for it, and that a user
> attempting to install the port is *loudly* warned that the code is unsafe,
> and they must confirm the install by using make unsafe-install.
> 
> That's heavy-handed security for you: mandate identification of problems
> and correctness.
> 
> This doesn't address daemons (imapd, etc) that also run privileged, but is
> a good first step.
> 
> Robert N M Watson
> 
> robert@fledge.watson.org http://www.watson.org/~robert/
> PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
> TIS Labs at Network Associates, Safeport Network Services
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

-- 
If the image gives the illusion of knowing,
it is because the adage claims that, in order to believe,
all that matters is to see.
Lofofora
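The build-time check Robert proposes above, written out as an added example that is not part of this thread or of the FreeBSD ports tree: it scans a staged install tree for set?id files and compares what it finds against the values a port declares. HAS_ROOT_SETUID and HAS_MISC_SET_ID are the variable names from his mail; the function names and the stage-directory argument are assumptions made here.

```sh
#!/bin/sh
# Added example, not code from the original thread or the FreeBSD ports tree:
# the package-build check described in the mail, run against a staged
# install tree. HAS_ROOT_SETUID and HAS_MISC_SET_ID are the variables named
# in the mail; the function names and the stage-directory argument are
# assumptions made here.

# List the set?id regular files under $1, one per line, tagged ROOT for
# setuid-root binaries and MISC for anything else carrying a setuid or
# setgid bit (setgid, or setuid to a non-root user).
list_setid() {
    find "$1" -type f -perm -4000 -user root -print | sed 's/^/ROOT /'
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) \
        ! \( -perm -4000 -user root \) -print | sed 's/^/MISC /'
}

# Derive, from the installed files, the values the port ought to declare.
observed_root_setuid() { list_setid "$1" | grep -q '^ROOT ' && echo yes || echo no; }
observed_misc_setid()  { list_setid "$1" | grep -q '^MISC ' && echo yes || echo no; }

# check_setid_decl STAGEDIR HAS_ROOT_SETUID HAS_MISC_SET_ID
# Compare the declared values with what the tree actually contains.
# Returns 0 when they agree and 1 when they do not, printing the offending
# files; the mismatch case is where the mail would mark the port broken.
check_setid_decl() {
    stage=$1 declared_root=$2 declared_misc=$3
    root=$(observed_root_setuid "$stage")
    misc=$(observed_misc_setid "$stage")
    if [ "$root" = "$declared_root" ] && [ "$misc" = "$declared_misc" ]; then
        return 0
    fi
    echo "set?id mismatch in $stage: declared HAS_ROOT_SETUID=$declared_root" \
         "(found $root), HAS_MISC_SET_ID=$declared_misc (found $misc)" >&2
    list_setid "$stage" >&2
    return 1
}

# Usage: sh setid-check.sh STAGEDIR HAS_ROOT_SETUID HAS_MISC_SET_ID
if [ $# -eq 3 ]; then
    check_setid_decl "$1" "$2" "$3"
fi
```

Whether a setuid file counts as ROOT or MISC depends on its owner in the staged tree, so the check has to run after the port's install step has applied its ownership.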