From owner-freebsd-current Tue Dec 15 08:58:45 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA19739 for freebsd-current-outgoing; Tue, 15 Dec 1998 08:58:45 -0800 (PST) (envelope-from owner-freebsd-current@FreeBSD.ORG) Received: from gratis.grondar.za (gratis.grondar.za [196.7.18.65]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA19731 for ; Tue, 15 Dec 1998 08:58:40 -0800 (PST) (envelope-from mark@grondar.za) Received: from greenpeace.grondar.za (IDENT:tETawZTphrcpzoHKWALfy5ccmFlRY8WR@greenpeace.grondar.za [196.7.18.132]) by gratis.grondar.za (8.9.1/8.9.1) with ESMTP id SAA02767; Tue, 15 Dec 1998 18:58:32 +0200 (SAST) (envelope-from mark@grondar.za) Received: from grondar.za (IDENT:UrJnBkCAZeTZelhDG90rrhIUgRdgtzxN@localhost [127.0.0.1]) by greenpeace.grondar.za (8.9.1/8.9.1) with ESMTP id SAA68881; Tue, 15 Dec 1998 18:58:31 +0200 (SAST) (envelope-from mark@grondar.za) Message-Id: <199812151658.SAA68881@greenpeace.grondar.za> To: Joe Abley cc: Kevin Day , freebsd-current@FreeBSD.ORG Subject: Re: modification to exec in the kernel? In-Reply-To: Your message of " Wed, 16 Dec 1998 05:40:35 +1300." <19981216054035.C27078@clear.co.nz> References: <19981215120357.B11837@clear.co.nz> <199812142331.RAA17203@home.dragondata.com> <19981215124818.A22526@clear.co.nz> <199812150644.IAA67338@greenpeace.grondar.za> <19981216054035.C27078@clear.co.nz> Date: Tue, 15 Dec 1998 18:58:30 +0200 From: Mark Murray Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Joe Abley wrote: > On Tue, Dec 15, 1998 at 08:44:16AM +0200, Mark Murray wrote: > "Just about" - so there are _some_ exploits that would require a user-supplied > binary? So preventing execution of user-supplied binaries does give _some_ > safety benefit? 0.001%. If you can do it in C, you can do it in perl. Buffer exploits are much easier in C and assembler, though. A cracker with time is a dangerous beast, remember. > I take your point, though - I was forgetting how much feature bloat there > is in perl. > > Why people can't just make do with awk is a little beyond me :) Shellscript+awk+sed is a potent combination in the hands of an uberhacker. Consider the case of the virus-written-in-shellscript; when last and how often do you run tripwire? Are you _convinced_ that you have _never_ (both absolutes) run a user-written substitute (possibly trojaned) replacement for a system applet? I've hit a perl replacement for ls(1) that only gloated. Yes, I was root. M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message