Date:      Fri, 23 Sep 2005 00:14:47 +0200
From:      Andreas Jonsson <andreas@romab.com>
To:        Borja Marcos <borjamar@sarenet.es>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Mounting filesystems with "noexec"
Message-ID:  <43332CD7.4070107@romab.com>
In-Reply-To: <F02FC593-8F19-40D4-B1E7-63B78F1E5300@sarenet.es>
References:  <F02FC593-8F19-40D4-B1E7-63B78F1E5300@sarenet.es>

Borja Marcos wrote:
> 
>     Hello,
> 
> I've been playing a bit with the "noexec" flag for filesystems. It can
> represent a substantial obstacle against the exploitation of security
> holes.
> 

I think TPE (trusted path execution) would be the preferred solution to
this problem. As others have pointed out, circumventing the 'noexec'
attribute is pretty easy. That said, I don't think it is a bad idea to
use this, but one should be aware of how this defense might be defeated.

Instead of running "./script.sh" or "./script.pl" you just have to type
/bin/sh script.sh or /usr/bin/perl script.pl which gives pretty much
everything you need when it comes to using exploits. In Linux you could
also circumvent it by using /lib/ld.so exploit, but I'm not sure if that
is "fixed" now or not.

TPE requires all the binaries and subpaths to be owned by root, i.e.
/home/, /home/user and /home/user/file need to be owned by root to allow
execution. GRSec for Linux provides this functionality, as well as
Stephanie does for OpenBSD.

Both solve the problems with interpreters as well, but I haven't looked
into how, just used systems that use TPE. If there are problems with
TPE that people know about, please tell. Obvious things are mounted
filesystems from other machines, like NFS.

/andreas
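
The ownership rule described in the message above, as an added example that is not part of the original e-mail and not code from grsecurity or Stephanie: it walks every component of an absolute path and reports the ones not owned by root. The function names, the injectable `owner_of` lookup and the sample ownership table (uid 1001) are assumptions constructed for illustration.

```python
#!/usr/bin/env python3
"""Audit a path against the TPE ownership rule from the message above."""
import os
import sys
from pathlib import PurePosixPath

TRUSTED_UID = 0  # root, per the rule stated in the message


def path_chain(path):
    """Return every component from '/' down to the file itself."""
    p = PurePosixPath(path)
    if not p.is_absolute():
        raise ValueError("need an absolute path: %r" % path)
    return [str(a) for a in reversed(list(p.parents))] + [str(p)]


def lstat_owner(path):
    """Owner uid of a real filesystem object (symlinks are not followed)."""
    return os.lstat(path).st_uid


def tpe_violations(path, owner_of=lstat_owner, trusted_uid=TRUSTED_UID):
    """List the components of `path` that are not owned by trusted_uid."""
    return [c for c in path_chain(path) if owner_of(c) != trusted_uid]


# Constructed sample ownership table; uid 1001 is a made-up ordinary user.
SAMPLE_OWNERS = {
    "/": 0, "/bin": 0, "/bin/sh": 0,
    "/home": 0, "/home/user": 1001, "/home/user/file": 1001,
    "/home/user/rootfile": 0,  # root-owned file under a user-owned directory
}


def sample_owner(path):
    """Ownership lookup backed by the constructed table above."""
    return SAMPLE_OWNERS[path]


if __name__ == "__main__":
    targets = sys.argv[1:]
    if targets:  # audit real paths; resolve symlinks before walking
        lookup, targets = lstat_owner, [os.path.realpath(t) for t in targets]
    else:        # no arguments: run against the constructed sample table
        lookup = sample_owner
        targets = ["/bin/sh", "/home/user/file", "/home/user/rootfile"]
    for t in targets:
        bad = tpe_violations(t, lookup)
        print("%-22s %s" % (t, "ALLOW" if not bad else "DENY: " + ", ".join(bad)))
```

Run without arguments it uses the sample table; given absolute paths it checks the real filesystem, which shows quickly which directories on a host would have to change owner before a rule like this could be enforced.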


