Date: Wed, 26 Aug 1998 21:43:14 -0400
From: Barrett Richardson
To: dyson@iquest.net, hackers@FreeBSD.ORG
Subject: Re: I want to break binary compatibility.

Many thanks to all who pitched in with information. I believe I now have enough info to start building some systems for my ISP (the owner is also a personal friend of mine from a previous job -- just to clarify some ambiguity in my original posting).

The crackers have expressed intent of breaking into our systems again and I think they are going to gain access one way or another (via social engineering if nothing else). Scrambling the syscalls I think is going to have big payoffs per amount of work and I had a look at stackguard per a suggestion. It's a beautifully simple concept, throw a randomly generated word before the return address for a function and have the compiler emit code to ensure that it is not clobbered before returning from said function.

I do, however, have good news to report after our system breach.
We did have a quad Challenge DM with 384 megs of RAM. Out of necessity we threw our virtual domains (about 330) on a Pentium 133 with 128 megs of RAM and decided to let it run till it choked before we slapped more RAM and a faster processor in it. The SGI was doing other significant things other than virtual domains, but those were responsible for about half the load -- and the SGI was struggling. The choking point we were dreading with our FreeBSD box never came -- still sitting there humming along while we are piecing together some permanent boxes. To say that we are "surprised" is an understatement.

- Barrett Richardson
  rabtter@aye.net

John S. Dyson wrote:
>
> Nicholas Charles Brawn said:
> >
> > If any of you who are involved in this thread aren't subscribed to
> > freebsd-security (why not? *smack*), I've put together something that
> > prevents arbitrary execution of binaries.
> >
> I am not subscribed to any mailing lists anymore, but drop-in once
> in a while :-).
>
> --
> John             | Never try to teach a pig to sing,
> dyson@iquest.net | it makes one look stupid
> jdyson@nc.com    | and it irritates the pig.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message
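The guard-word check described in the message above (a random word placed before the return address and verified before the function returns), as an added example that is not part of the original post and is not StackGuard's own code. It simulates the stack frame as a struct so the overflow stays in memory the program owns; `struct frame`, `new_canary` and `guarded_copy` are hypothetical names, and the `0x1000` return address is a constructed value.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simulated stack frame, low to high addresses: a local buffer, the guard
 * word, then the saved return address. A real frame is laid out by the
 * compiler; a struct is used here so the overflow is well-defined. */
struct frame {
    char     buf[16];
    uint64_t canary;
    uint64_t ret_addr;
};

/* Draw the guard word from the kernel RNG; abort if it is unavailable. */
uint64_t new_canary(void) {
    uint64_t c = 0;
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f || fread(&c, sizeof c, 1, f) != 1) abort();
    fclose(f);
    return c;
}

/* Copy n bytes into the frame with no bounds check against buf (the bug),
 * then run the check a canary-emitting compiler places before the return.
 * Returns 0 if the guard word is intact, -1 if it was clobbered.
 * ret_out (optional) receives the saved return address after the copy. */
int guarded_copy(const void *src, size_t n, uint64_t canary, uint64_t *ret_out) {
    struct frame fr;
    fr.canary = canary;               /* prologue: place the guard word */
    fr.ret_addr = 0x1000;             /* constructed "return address" */
    if (n > sizeof fr) n = sizeof fr; /* keep the demo inside the struct */
    memcpy(&fr, src, n);              /* unchecked write starting at buf */
    if (ret_out) *ret_out = fr.ret_addr;
    return fr.canary == canary ? 0 : -1; /* epilogue: verify before return */
}

int main(void) {
    char input[32];
    memset(input, 'A', sizeof input); /* constructed overlong input */
    uint64_t c = new_canary();
    printf("12 bytes: %d\n", guarded_copy(input, 12, c, NULL));
    printf("32 bytes: %d\n", guarded_copy(input, 32, c, NULL));
    return 0;
}
```

A write cannot reach the saved return address from the buffer without first passing over the guard word, so the epilogue check catches the overwrite before the corrupted address would be used.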