From owner-freebsd-hackers Sun Aug 23 23:21:17 1998
Return-Path:
Received: (from majordom@localhost)
	by hub.freebsd.org (8.8.8/8.8.8) id XAA29529
	for freebsd-hackers-outgoing; Sun, 23 Aug 1998 23:21:17 -0700 (PDT)
	(envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from dyson.iquest.net (dyson.iquest.net [198.70.144.127])
	by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA29519
	for ; Sun, 23 Aug 1998 23:21:13 -0700 (PDT)
	(envelope-from toor@dyson.iquest.net)
Received: (from root@localhost)
	by dyson.iquest.net (8.8.8/8.8.8) id BAA04415;
	Mon, 24 Aug 1998 01:20:08 -0500 (EST)
	(envelope-from toor)
Message-Id: <199808240620.BAA04415@dyson.iquest.net>
Subject: Re: I want to break binary compatibility.
In-Reply-To: <199808231301.IAA09038@detlev.UUCP> from Joel Ray Holveck at "Aug 23, 98 08:01:22 am"
To: joelh@gnu.org
Date: Mon, 24 Aug 1998 01:20:08 -0500 (EST)
Cc: imp@village.org, dkelly@hiwaay.net, rabtter@aye.net, hackers@FreeBSD.ORG
From: "John S. Dyson"
Reply-To: dyson@iquest.net
X-Mailer: ELM [version 2.4ME+ PL38 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Joel Ray Holveck said:
> >>> I have a problem with some hackers that are obsessed with making my
> >>> ISP's life miserable (they've already hacked our SGI). I've slapped
> >>> together a FreeBSD box to throw their webpages on it, turned off all
> >>> services except http.
> >> While you are at it and breaking binary compatibility for security
> >> reasons, make sure you remove stuff a webserver doesn't need such as
> >> /usr/include, compilers, manpages, etc. Maybe PicoBSD would be the
> >> place to start?
> > You are better off NOT breaking binary compatibility to get what you
> > want. You would be better served by porting StackGuard to FreeBSD,
> > which would give you excellent protection against most stack
> > overflows.
>
> I think the idea rabtter had in mind was to keep the intruders from
> compiling (or cross-compiling) some random utility from rootshell.com
> on another box and ftping it over. There are security holes other
> than stack overflows, you know.
>

I posted this through another mechanism by mistake, and so I apologize
if this message is a repeat for you:

Try modifying your system so that one of the flags bits is required to
run a program. It would then require both the flags bit and the
executable bit. Make sure the system cannot allow anyone but root to set
the chosen flags bit. Maybe you could use the immutable flag for this,
so that you get theoretical immutability along with the ability to run
code. You might want to relax the restriction for root, but maybe not
(depending on how your admin scheme is set up.)

In this way, you would not need to change binary compatibility, but
programs will simply not run, unless the user figures out a way to set
the flags bit. Hopefully, you will have made sure that the kernel API
doesn't allow setting that bit by non-root.

-- 
John                  | Never try to teach a pig to sing,
dyson@iquest.net      | it makes one look stupid
jdyson@nc.com         | and it irritates the pig.
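
A userland model of the two checks the message above describes (flag bit plus executable bit at exec time, and root-only control of that flag bit), added here as an illustration; it is not code from the thread or from the FreeBSD kernel. The names `exec_allowed`, `set_flags`, `upload_runs` and the `EX_` constants are hypothetical, and the uids and modes are constructed sample values.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Hypothetical names. The two flag values mirror SF_IMMUTABLE and SF_SETTABLE
 * in FreeBSD's <sys/stat.h> so that this model builds on any system. */
#define EX_SF_IMMUTABLE 0x00020000u /* flag bit chosen as the "may run" mark */
#define EX_SF_SETTABLE  0xffff0000u /* flag bits only the super-user may change */
struct file_meta { uint32_t mode, flags, uid, gid; };
struct cred { uint32_t uid, gid; };

/* Exec gate: the usual execute bit AND the chosen flag bit are both required. */
bool exec_allowed(const struct file_meta *f, const struct cred *c, bool relax_root)
{
    uint32_t xbit = c->uid == 0 ? 0111u               /* root: any execute bit */
                  : c->uid == f->uid ? 0100u          /* owner */
                  : c->gid == f->gid ? 0010u : 0001u; /* group, else other */
    if ((f->mode & xbit) == 0)
        return false;
    if (c->uid == 0 && relax_root)
        return true; /* optional relaxation for root mentioned in the message */
    return (f->flags & EX_SF_IMMUTABLE) != 0;
}

/* Flag-change gate: 0 on success, -1 where a kernel would return EPERM. */
int set_flags(struct file_meta *f, const struct cred *c, uint32_t new_flags)
{
    if (c->uid != 0 && c->uid != f->uid)
        return -1; /* only the owner or root may change flags at all */
    if (c->uid != 0 && ((f->flags ^ new_flags) & EX_SF_SETTABLE) != 0)
        return -1; /* non-root may neither set nor clear the chosen bit */
    f->flags = new_flags;
    return 0;
}

/* Constructed scenario: uid 1001 uploads a 0755 binary, marker_uid tries to mark it. */
int upload_runs(uint32_t marker_uid)
{
    struct cred user = { 1001, 1001 }, marker = { marker_uid, marker_uid };
    struct file_meta upload = { 0755, 0, 1001, 1001 };
    set_flags(&upload, &marker, EX_SF_IMMUTABLE); /* may fail; flag then stays clear */
    return exec_allowed(&upload, &user, false);
}

int main(void)
{
    printf("marked by uploader: runs=%d\n", upload_runs(1001));
    printf("marked by root:     runs=%d\n", upload_runs(0));
    return 0;
}
```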