From: Andreas Jonsson <andreas@romab.com>
Date: Fri, 23 Sep 2005 00:14:47 +0200
To: Borja Marcos
Cc: freebsd-security@freebsd.org
Subject: Re: Mounting filesystems with "noexec"

Borja Marcos wrote:
>
> Hello,
>
> I've been playing a bit with the "noexec" flag for filesystems. It can
> represent a substantial obstacle against the exploitation of security
> holes.

I think TPE (trusted path execution) would be the preferred solution to this problem. As others have pointed out, circumventing the 'noexec' attribute is pretty easy. That said, I don't think it is a bad idea to use this, but one should be aware of how this defense might be defeated.

Instead of running "./script.sh" or "./script.pl" you just have to type /bin/sh script.sh or /usr/bin/perl script.pl, which gives pretty much everything you need when it comes to using exploits. In Linux you could also circumvent it by using /lib/ld.so exploit, but I'm not sure if that is "fixed" now or not.

TPE requires all the binaries and subpaths to be owned by root, i.e. /home/, /home/user and /home/user/file need to be owned by root to allow execution. GRSec for Linux provides this functionality as well, as Stephanie does for OpenBSD. Both solve the problems with interpreters as well, but I haven't looked into how, just used systems that use TPE.

If there are problems with TPE that people know about, please tell. Obvious things are mounted filesystems from other machines, like NFS.

/andreas