From owner-freebsd-hackers Sat Nov 6 11:42:50 1999 Delivered-To: freebsd-hackers@freebsd.org Received: from peach.ocn.ne.jp (peach.ocn.ne.jp [210.145.254.87]) by hub.freebsd.org (Postfix) with ESMTP id E068114C9B for ; Sat, 6 Nov 1999 11:42:48 -0800 (PST) (envelope-from dcs@newsguy.com) Received: from newsguy.com (p23-dn02kiryunisiki.gunma.ocn.ne.jp [210.163.200.120]) by peach.ocn.ne.jp (8.9.1a/OCN) with ESMTP id EAA20999; Sun, 7 Nov 1999 04:42:35 +0900 (JST) Message-ID: <3824793E.CF39EF0B@newsguy.com> Date: Sun, 07 Nov 1999 03:53:50 +0900 From: "Daniel C. Sobral" X-Mailer: Mozilla 4.7 [en] (Win98; I) X-Accept-Language: en,pt-BR,ja MIME-Version: 1.0 To: Borja Marcos Cc: hackers@FreeBSD.ORG Subject: Re: exec() security enhancement References: <199910302232.AAA16912@sirius.we.lc.ehu.es> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Borja Marcos wrote: > > Hello, > > Many security exploits create files in the /tmp directory > and execute them. I think it would be a good idea to add logging > to the to exec_check_permissions() in kern.exec.c so that attempts > to run files from a filesystem mounted as "noexec" can be detected. > > With this measeure, and mounting /tmp as "noexec" some > generic hostile acts (wow, how does it sound! :-) ) could be > detected. [and, as you said, the same goes for nosuid -- and for nodev too] This doesn't enhance security. It enhances auditability. I like this. Add a syslog, and a sysctl to turn it on or off. It seems straight-forward and light-weight. Send the patches. :-) -- Daniel C. Sobral (8-DCS) dcs@newsguy.com dcs@freebsd.org What y'all wanna do? Wanna be hackers? Code crackers? Slackers Wastin' time with all the chatroom yakkers? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message