From owner-freebsd-hackers Sat Dec 14 12:44:43 1996 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id MAA10570 for hackers-outgoing; Sat, 14 Dec 1996 12:44:43 -0800 (PST) Received: from pdx1.world.net (pdx1.world.net [192.243.32.18]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id MAA10550 for ; Sat, 14 Dec 1996 12:44:39 -0800 (PST) From: proff@suburbia.net Received: from suburbia.net (suburbia.net [203.4.184.1]) by pdx1.world.net (8.7.5/8.7.3) with SMTP id MAA00303 for ; Sat, 14 Dec 1996 12:45:06 -0800 (PST) Received: (qmail 973 invoked by uid 110); 14 Dec 1996 20:44:16 -0000 Message-ID: <19961214204416.972.qmail@suburbia.net> Subject: Re: questions... In-Reply-To: from Steve Reid at "Dec 14, 96 12:18:21 pm" To: steve@edmweb.com (Steve Reid) Date: Sun, 15 Dec 1996 07:44:16 +1100 (EST) Cc: hackers@freebsd.org, security@freebsd.org X-Mailer: ELM [version 2.4ME+ PL28 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > Only worry about files that are suid or sgid. Other binaries can't do > anything that the user can't do. Removing the execute bit from > non-suid/sgid binaries won't add any to security- a malicious user can > create any non-suid/sgid file him/her self. Even if you remove gcc, the > user could still FTP the files from ftp.cdrom.com. Removing FTP won't help > either- clever use of redirection can allow a user to transfer whatever > files they want over their own tty. /dev/wd0a on / (asynchronous, local, noatime) procfs on /proc (local, nodev, noexec, nosuid) mfs:24 on /tmp (asynchronous, local, noatime, nodev, noexec, nosuid) /dev/wd0s1f on /usr (asynchronous, local, noatime, nodev) /dev/wd0s1e on /var (asynchronous, local, noatime, nodev, noexec, nosuid) /dev/wd2s1e on /usr/local/var (asynchronous, local, nodev, noexec, nosuid) /dev/wd3s1e on /home (asynchronous, local, nodev, noexec, nosuid) /dev/sd0s1e on /data (asynchronous, local, nodev, noexec, nosuid) /data/ftp/pub on /usr/local/ftp/pub (local, nodev, noexec, nosuid) /dev/matcd0a on /usr/local/ftp/mnt/cd0 (local, nodev, noexec, nosuid, read-only) ../sbin-sec is root, mode 700 there are no writable directories on / or /usr Note that you will also need to modify ld.so to prevent dynamic binding using env variables. Unfortunately this isn't a total cure, because there are 1001 stack overflows in NON-suid programs. total 10676 -r-xr-xr-x 1 bin bin 57344 Dec 12 17:21 adjkerntz -r-xr-xr-x 1 bin bin 40960 Dec 12 17:21 badsect lrwxr-xr-x 1 bin bin 21 Dec 12 17:22 ccdconfig -> ../sbin-sec/ccdconfig -r-xr-xr-x 1 bin bin 40960 Dec 12 17:21 clri -r-xr-xr-x 1 bin bin 36864 Dec 12 17:21 comcontrol -r-xr-xr-x 1 bin bin 110592 Dec 12 17:21 disklabel lrwxr-xr-x 1 bin bin 17 Dec 12 17:22 dmesg -> ../sbin-sec/dmesg -r-xr-xr-x 1 bin bin 90112 Dec 12 17:21 dset lrwxr-xr-x 1 bin bin 16 Dec 12 17:22 dump -> ../sbin-sec/dump -r-xr-xr-x 1 bin bin 61440 Dec 12 17:21 dumpfs -r-xr-xr-x 1 bin bin 57344 Dec 12 17:21 dumplfs -r-xr-xr-x 1 bin bin 40960 Dec 12 17:21 dumpon -r-xr-xr-x 4 bin bin 167936 Dec 12 17:22 fastboot -r-xr-xr-x 4 bin bin 167936 Dec 12 17:22 fasthalt -r-xr-xr-x 1 bin bin 53248 Dec 12 17:21 fdisk -r-xr-xr-x 1 bin bin 180224 Dec 12 17:21 fsck -r-xr-xr-x 1 bin bin 270336 Dec 12 17:21 fsdb -r-xr-xr-x 1 bin bin 57344 Dec 12 17:21 ft -r-xr-xr-x 4 bin bin 167936 Dec 12 17:22 halt -r-xr-x--- 1 bin staff 131072 Dec 12 17:21 ifconfig -r-x------ 1 bin bin 184320 Nov 23 17:53 init -r-xr-xr-x 1 bin bin 122880 Dec 12 17:21 ipfw -r-xr-xr-x 1 bin bin 45056 Dec 12 17:21 ldconfig -r-xr-xr-x 1 bin bin 40960 Dec 12 17:21 md5 -r-xr-xr-x 1 bin bin 36864 Dec 12 17:21 mknod -r-xr-xr-x 1 bin bin 45056 Dec 12 17:21 modload -r-xr-xr-x 1 bin bin 40960 Dec 12 17:21 modunload -r-xr-xr-x 1 bin bin 69632 Dec 12 17:21 mount -r-xr-xr-x 1 bin bin 49152 Dec 12 17:21 mount_cd9660 -r-xr-xr-x 5 bin bin 49152 Dec 12 17:21 mount_devfs -r-xr-xr-x 1 bin bin 49152 Dec 12 17:21 mount_ext2fs -r-xr-xr-x 5 bin bin 49152 Dec 12 17:21 mount_fdesc -r-xr-xr-x 5 bin bin 49152 Dec 12 17:21 mount_kernfs -r-xr-xr-x 1 bin bin 49152 Dec 12 17:21 mount_lfs -r-xr-xr-x 2 bin bin 122880 Dec 12 17:21 mount_mfs lrwxr-xr-x 1 bin bin 23 Dec 12 17:22 mount_msdos -> ../sbin-sec/mount_msdos -r-xr-xr-x 1 bin bin 122880 Dec 12 17:21 mount_nfs -r-xr-xr-x 1 bin bin 53248 Dec 12 17:21 mount_null -r-xr-xr-x 1 bin bin 204800 Dec 12 17:21 mount_portal -r-xr-xr-x 5 bin bin 49152 Dec 12 17:21 mount_procfs -r-xr-xr-x 5 bin bin 49152 Dec 12 17:21 mount_std -r-xr-xr-x 1 bin bin 57344 Dec 12 17:21 mount_umap -r-xr-xr-x 1 bin bin 53248 Dec 12 17:21 mount_union -r-xr-xr-x 1 bin bin 200704 Dec 12 17:21 mountd -r-xr-xr-x 2 bin bin 122880 Dec 12 17:21 newfs -r-xr-xr-x 1 bin bin 98304 Dec 12 17:21 newlfs -r-xr-xr-x 1 bin bin 40960 Dec 12 17:21 nextboot -r-xr-xr-x 1 bin bin 69632 Dec 12 17:21 nfsd -r-xr-xr-x 1 bin bin 61440 Dec 12 17:21 nfsiod -r-xr-xr-x 1 bin bin 1907 Dec 12 17:21 nologin -r-sr-xr-x 1 root bin 122880 Dec 12 17:21 ping -r-xr-xr-x 1 bin bin 139264 Dec 12 17:21 quotacheck -r-xr-xr-x 1 root bin 118784 Dec 12 17:21 rdisc lrwxr-xr-x 1 bin bin 17 Dec 12 17:22 rdump -> ../sbin-sec/rdump -r-xr-xr-x 4 bin bin 167936 Dec 12 17:22 reboot lrwxr-xr-x 1 bin bin 19 Dec 12 17:22 restore -> ../sbin-sec/restore lrwxr-xr-x 1 bin bin 17 Dec 12 17:22 route -> ../sbin-sec/route -r-x------ 1 root bin 180224 Dec 12 17:22 routed lrwxr-xr-x 1 bin bin 20 Dec 12 17:22 rrestore -> ../sbin-sec/rrestore -r-x------ 1 root bin 122880 Dec 12 17:22 rtquery -r-xr-xr-x 1 bin bin 69632 Dec 12 17:22 savecore -r-xr-xr-x 1 bin bin 65536 Dec 12 17:22 scsi -r-xr-xr-x 1 bin bin 3306 Dec 12 17:22 scsiformat lrwxr-xr-x 1 bin bin 20 Dec 12 17:22 shutdown -> ../sbin-sec/shutdown -r-xr-xr-x 1 bin bin 61440 Dec 12 17:22 slattach lrwxr-xr-x 1 bin bin 21 Dec 12 17:22 sliplogin -> ../sbin-sec/sliplogin -r-xr-xr-x 1 bin bin 69632 Dec 12 17:22 startslip -r-xr-xr-x 1 bin bin 49152 Dec 12 17:22 swapon -r-xr-xr-x 1 bin bin 45056 Dec 12 17:22 tunefs -r-xr-xr-x 1 bin bin 122880 Dec 12 17:22 umount -Julian A. (proff@suburbia.net)