Date:      Mon, 24 Aug 1998 22:36:24 +0000
From:      Niall Smart <rotel@indigo.ie>
To:        dyson@iquest.net, joelh@gnu.org
Cc:        imp@village.org, dkelly@hiwaay.net, rabtter@aye.net, hackers@FreeBSD.ORG
Subject:   Re: I want to break binary compatibility.
Message-ID:  <199808242136.WAA00657@indigo.ie>
In-Reply-To: <199808240620.BAA04415@dyson.iquest.net>; "John S. Dyson" <dyson@iquest.net>

On Aug 24,  1:20am, "John S. Dyson" wrote:
} Subject: Re: I want to break binary compatibility.
> Joel Ray Holveck said:
> > >>> I have a problem with some hackers that are obsessed with making my
> > >>> ISP's life miserable (they've already hacked our SGI). I've slapped
> > >>> together a FreeBSD box to throw their webpages on it, turned off all
> > >>> services except http.
> > >> While you are at it and breaking binary compatibility for security 
> > >> reasons, make sure you remove stuff a webserver doesn't need such as
> > >> /usr/include, compilers, manpages, etc. Maybe PicoBSD would be the 
> > >> place to start?
[snip]
> I posted this through another mechanism by mistake, and so I apologize
> if this message is a repeat for you:
> 
> Try modifying your system so that one of the flags bits is required to
> run a program.  It would then require both the flags bit and the executable
> bit.  Make sure the system cannot allow anyone but root to set the chosen
> flags bit.  Maybe you could use the immutable flag for this, so that you
> get theoretical immutability along with the ability to run code.  You
> might want to relax the restriction for root, but maybe not (depending
> on how your admin scheme is set up.)

None of these hacks achieve security.   You, of all people, should
know better.  The original poster should figure out how they are
breaking in and close the hole; obfuscation schemes like the above
are a waste of time.


Niall

-- 
Niall Smart, rotel@indigo.ie.
Amaze your friends and annoy your enemies:
echo '#define if(x) if (!(x))' >> /usr/include/stdio.h
