Date: Tue, 25 Feb 1997 09:07:02 +0100
From: j@uriah.heep.sax.de (J Wunsch)
To: Hackers@freebsd.org (FreeBSD Hackers)
Subject: Re: Immutable files, a false sense of security (Re: disabling setuid , sh/csh)
Message-ID: <Mutt.19970225090702.j@uriah.heep.sax.de>
In-Reply-To: <Pine.SV4.3.95.970225092458.8264B-100000@parkplace.cet.co.jp>; from Michael Hancock on Feb 25, 1997 09:38:06 +0900
References: <199702242120.OAA25018@phaeton.artisoft.com> <Pine.SV4.3.95.970225092458.8264B-100000@parkplace.cet.co.jp>

As Michael Hancock wrote:

> Has anyone tried hacking a system in "secure" mode via something like
> /dev/io?

/dev/io should refuse to be opened if securelevel >= 1 (or at least, >= 2).
Naturally, this prevents you from running an Xserver and such.

> I wonder how much of a speed bump it would present to an
> attacker.

You'll have a hard time for any sophisticated attack.  Denial of
service attacks through /dev/io are certainly easy.  If you try to
create your favorite setuid program on a disk however, you have to:

. emulate the filesystem (simplest part, use fsdb or such as a
  template)

. emulate the disk driver (harder, and not very general)

. cope with the fact that the existing disk driver runs concurrently
  with this; turning off interrupts is not an option unless you can
  use DDB which is the only thing that can do polled IO to get your
  input into the system at all.

--
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Mutt.19970225090702.j>