From: Bryan Drewery
Date: Sat, 31 Jul 2010 12:30:24 -0500
To: Chris Walker
Cc: Kostik Belousov, István, Selphie Keller, freebsd-security
Subject: Re: kernel module for chmod restrictions while in securelevel one or higher

The module/change never proposed to stop the exploit. There's no reason to attack someone trying to help the community.

It's merely adding on top of the already existing securelevel restrictions, such as chflags restrictions. It makes a lot of sense to restrict setuid/setgid when in securelevel, based on the fact that flags are as well.

But maybe securelevel should just be removed? By your arguments it's useless, makes the system unstable and gives a false sense of security.

Bryan

On 7/31/2010 10:39 AM, Chris Walker wrote:
> Hi list
>
> #1 Not same exploit referenced in URL.
> #2 Not same bug, although you had the function right, sort of.
> #3 That kernel module is useless: The exploit in the wild has already changed to bypass such restriction.
> #4 The bug is already patched, upgrade your kernel.
> #5 If you intend on introducing a kernel module that potentially makes your system unstable, make sure it actually fixes the bug.
> This workaround merely made the exploit grow more lethal, and provides a FALSE sense of security, and as such I would *STRONGLY* discourage use of this kernel module.
>
> This is a perfect example of why software developers never ever will be able to fight blackhat hackers: Ignorance.
>
> Thanks.
>
> On Jul 31, 2010, at 2:59 PM, István wrote:
>
>> http://www.securiteam.com/exploits/6P00C00EKO.html
>>
>> HTH
>>
>> On Sat, Jul 31, 2010 at 1:41 PM, Kostik Belousov wrote:
>>
>>> On Fri, Jul 30, 2010 at 11:18:39PM -0700, Selphie Keller wrote:
>>>> Kernel module for chmod restrictions while in securelevel one or higher:
>>>> http://gist.github.com/501800 (fbsd 8.x)
>>>>
>>>> Was looking at the new recent sendfile/mbuf exploit and it was using a
>>>> shellcode that calls chmod syscall to make a setuid/setgid binary.
>>> However
>>> Can you point to the exploit (code) ?
>>>
>>
>>
>> --
>> the sun shines for all
>>
>> http://l1xl1x.blogspot.com
>> _______________________________________________
>> freebsd-security@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-security
>> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
>>