From owner-freebsd-security  Tue Aug 25 09:34:07 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id JAA22583
          for freebsd-security-outgoing; Tue, 25 Aug 1998 09:34:07 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from banshee.cs.uow.edu.au (banshee.cs.uow.edu.au [130.130.188.1])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA22541
          for <freebsd-security@freebsd.org>; Tue, 25 Aug 1998 09:34:03 -0700 (PDT)
          (envelope-from ncb05@banshee.cs.uow.edu.au)
Received: (from ncb05@localhost)
	by banshee.cs.uow.edu.au (8.9.1/8.9.1) id CAA01466;
	Wed, 26 Aug 1998 02:32:57 +1000 (EST)
Date: Wed, 26 Aug 1998 02:32:56 +1000 (EST)
From: Nicholas Charles Brawn <ncb05@uow.edu.au>
X-Sender: ncb05@banshee.cs.uow.edu.au
To: freebsd-security@FreeBSD.ORG
Subject: trusted path execution patch
Message-ID: <Pine.SOL.4.02A.9808260223120.247-100000@banshee.cs.uow.edu.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Modelled somewhat on route's patch released in phrack52 that performs
the same function (for Linux though), i've written a small patch to
kern_exec.c that does just about the same thing.

For those not familiar with route's patch (Phrack 52, article 6), it
limits the execution of binaries to those in directories designated as
"trusted". That being (in this case), those that aren't writable by
group or other, and are owned by either root, bin, or have the gid of a
"trusted" group.

I've also hacked up access control for ld.so, to prevent unauthorised
users using LD_LIBRARY_PATH and LD_PRELOAD to bypass the above patch.
Configuration is via /etc/ld.access, which is the same format as
login.access(5).

You can get the patches from http://rabble.uow.edu.au/~nick/security/tpe.html

I'd appreciate it if people could test it out and report back on any
problems or improvements. :)

Regards,
Nick

--
Email: ncb05@uow.edu.au - http://rabble.uow.edu.au/~nick 
Key fingerprint =  DE 30 33 D3 16 91 C8 8D  A7 F8 70 03 B7 77 1A 2A
"When in doubt, ask someone wiser than yourself..." -unknown


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message