Date:      Tue, 15 Dec 1998 12:17:35 -0500 (EST)
From:      Alfred Perlstein <bright@hotjobs.com>
To:        Mark Murray <mark@grondar.za>
Cc:        Joe Abley <jabley@clear.co.nz>, Kevin Day <toasty@home.dragondata.com>, freebsd-current@FreeBSD.ORG
Subject:   Re: modification to exec in the kernel? 
Message-ID:  <Pine.BSF.4.05.9812151211520.27793-100000@bright.fx.genx.net>
In-Reply-To: <199812151658.SAA68881@greenpeace.grondar.za>

On Tue, 15 Dec 1998, Mark Murray wrote:

> Joe Abley wrote:
> > On Tue, Dec 15, 1998 at 08:44:16AM +0200, Mark Murray wrote:
> > "Just about" - so there are _some_ exploits that would require a user-supplied
> > binary? So preventing execution of user-supplied binaries does give _some_
> > safety benefit?
> 
> 0.001%. If you can do it in C, you can do it in perl. Buffer exploits
> are much easier in C and assembler, though. A cracker with time is
> a dangerous beast, remember.
> 
> > I take your point, though - I was forgetting how much feature bloat there
> > is in perl.
> > 
> > Why people can't just make do with awk is a little beyond me :)
> 
> Shellscript+awk+sed is a potent combination in the hands of an
> uberhacker.
> 
> Consider the case of the virus-written-in-shellscript; when last
> and how often do you run tripwire? Are you _convinced_ that you
> have _never_ (both absolutes) run a user-written substitute (possibly
> trojaned) replacement for a system applet?
> 
> I've hit a perl replacement for ls(1) that only gloated. Yes, I
> was root.
> 

I think the point here is so that the next "biggie" out on rootshell
doesn't give every amateur script kiddie root on your boxen.

Any 'uberhacker' on the other hand might find an overflow in any util to
get it to run his arbitrary code.  (I've seen vi segfault)

It's not 1980, lock the doors and hope no one with a fireaxe comes
knocking.

Alfred Perlstein - Programmer, HotJobs Inc. - www.hotjobs.com
-- There are operating systems, and then there's FreeBSD.
-- http://www.freebsd.org/                        3.0-current

> M
> --
> Mark Murray
> Join the anti-SPAM movement: http://www.cauce.org

