From: Sam
Date: Mon, 20 Sep 2004 10:54:30 -0500 (EST)
To: Mike Meyer
Cc: viro@parcelfarce.linux.theplanet.co.uk, gerarra@tin.it, freebsd-hackers@freebsd.org
Subject: Re: FreeBSD Kernel buffer overflow

On Sat, 18 Sep 2004, Mike Meyer wrote:

> In <001801c49d38$1c8cb790$1200a8c0@gsicomp.on.ca>, Matt Emmerton typed:
>> I disagree. It really comes down to how secure you want FreeBSD to be, and
>> the attitude of "we don't need to protect against this case because anyone
>> who does this is asking for trouble anyway" is one of the main reasons why
>> security holes exist in products today. (Someone else had brought this up
>> much earlier on in the thread.)
>
> You haven't been paying close enough attention to the discussion. To
> exploit this "security problem" you have to be root. If it's an
> external attacker, you're already owned.
>
> That leaves trojans. Those are always a problem for OSS - and for
> proprietary software. With OSS, you have the option of auditing the
> code yourself, though that has been beaten (by Ritchie, I believe
> *). Personally, I trust the FreeBSD committers to not trojan my system
> - and if they were going to, there are *so* many easier ways to do
> it. Should I ever decide to run a third party kernel module, I may
> well audit the code for that module. But I take that risk every time I
> install software - whether it's from ports, commercial, or just
> grabbed off the web.
>
>
> *) There was at one time a hacked C compiler that did two evil
> things. The first evil thing was to recognize the password checking
> code in login, and generate code that always accepted a "back door"
> password as well as the real password. The second evil thing was to
> recognize the place in the C compiler where the two hacks were, and
> reinsert them into the generated code. So a source audit would turn up
> nothing, but the system was thoroughly compromised.

http://www.acm.org/classics/sep95/

Cheers,

Sam