Date: Tue, 18 Jan 2000 15:17:18 +1100 (EST)
From: Nicholas Brawn <ncb@attrition.org>
To: Omachonu Ogali <oogali@intranova.net>
Cc: Spidey <beaupran@iro.umontreal.ca>, Alexander Langer <alex@big.endian.de>, Jonathan Fortin <jonf@revelex.com>, freebsd-security@FreeBSD.ORG
Subject: Re: sh?
Message-ID: <Pine.LNX.4.10.10001181513340.14565-100000@zipperii.zip.com.au>
In-Reply-To: <Pine.BSF.4.10.10001172254020.97329-100000@hydrant.intranova.net>

On Mon, 17 Jan 2000, Omachonu Ogali wrote:

> That was the purpose for the denying code, to try and stop the attack
> before it goes through. For instance, 'named' shouldn't be executing sh,
> so I would add 'named' to the file, see where I'm going?
>
> Omachonu Ogali
> Intranova Networking Group
>

I thought of doing something similar to this in the kernel last year. On execve(), check the calling process name/etc and compare to a database for acceptable calling processes. Ie, disallow the calling of execve() from certain network services.

The difficulty would be in making a suitable interface for such a modification. I also think there must be more elegant ways of accomplishing the same thing, such as what Robert Watson has been discussing in his recent posts.

Cheers,
Nick

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message