Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!howland.erols.net!swrinde!news.uh.edu!bonkers!web.nmti.com!peter
From: peter@nmti.com (Peter da Silva)
Newsgroups: comp.unix.bsd.bsdi.misc,comp.unix.bsd.misc,comp.security.unix
Subject: Re: *BSD* Security WWW/Mailing List?
Date: 24 Apr 1997 17:36:04 GMT
Organization: Network/development platform support, NMTI
Lines: 49
Message-ID: <5jo5m4$f9v@web.nmti.com>
References: <3356E1CC.299E@softway.com.au> <slrn5lpvmq.1hm.tqbf@char-star.rdist.org> <5jlr60$f7d@web.nmti.com> <slrn5ltb2l.br4.tqbf@char-star.rdist.org>
NNTP-Posting-Host: sonic.nmti.com
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.bsdi.misc:6746 comp.unix.bsd.misc:3085 comp.security.unix:33988

In article <slrn5ltb2l.br4.tqbf@char-star.rdist.org>,
Thomas H. Ptacek <tqbf@enteract.com> wrote:
> On the other hand, a problem in the C runtime library itself is not so
> easily resolved. The obvious issue is that, as an administrator, I have no
> control over the vulnerability of any program on my system. An
> unresolvable dynamic linking problem can still be worked around by
> running the entire system on statically linked binaries. A problem in the
> C runtime library requires every program on the system to be patched.

Running the entire system on statically linked binaries requires relinking
everything. Fixing a problem in the C runtime requires relinking everything.
The difference is too subtle for my tiny brain to perceive.

> >I've been having offline about my comment have brought up some neat hacks
> >for enhancing as well as "degrading" security.

> I don't suppose any of those "neat hacks" will be shared with the public?

Well, the only one that's really worth sharing is the UID checks.

> >For the LD_* environment problem, it'd help if it checked whether the
> >library it was running had the same owner as the euid, or root, if euid

> EUID checks within library routines are a bad idea. It would help if
> FreeBSD had an authoritative mechanism to identify programs as
> "privileged". FreeBSD currently does not.

What sort of mechanism are you thinking of? I don't know any conventional
UNIX system that has an "authoritative" mechanism for that. There's not even
an authoritative mechanism for finding out what program you are! All you can
do is look at your current UIDs.

I'm not sure if there *should* be a mechanism. The conventional UNIX security
model could be used a hell of a lot better than it is. For example, if it was
applied to network port access, sendmail wouldn't have to run as root to open
port 25... all you'd need to do is set the modes on the special file for
accessing port 25 to <rw------- mail mail>.

Ideally, loading shlibs should be a kernel call, with the kernel applying
appropriate checks on the file. I'm not sure that the structure of the kernel
currently makes that practical, but the same checks still make sense.

-- 
The Reverend Peter da Silva, ULC, COQO, BOFH, KIBO.
Har du kramat din varg, idag?
`-_-' Vi er alle Kibo. Wir alle sind Kibo.
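The ownership check the thread sketches for the LD_* problem (accept a library only if it is owned by the euid or by root, and nobody else can write it), written out as an added example that is not part of the original post or of any BSD loader. The names open_trusted_library and check_sample_with_mode are my own, the sample file is constructed in /tmp, and the fdlopen(3) remark applies to FreeBSD only.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open a shared-library file only if it passes the ownership check the thread
 * discusses: a regular file (not a symlink) owned by root or by the current
 * euid, and not writable by group or others.  Returns an open fd, or -1.  Hand
 * the fd, not the path, to the loader (FreeBSD's fdlopen(3) takes one), so the
 * file that was checked is the file that gets mapped.  Added example; not
 * loader code from FreeBSD or any libc. */
int open_trusted_library(const char *path)
{
    struct stat ls, fs;
    if (lstat(path, &ls) != 0 || !S_ISREG(ls.st_mode))
        return -1;                     /* missing, symlink, or not a plain file */
    if (ls.st_uid != 0 && ls.st_uid != geteuid())
        return -1;                     /* owned by a third party */
    if (ls.st_mode & (S_IWGRP | S_IWOTH))
        return -1;                     /* others could replace its contents */
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    /* Re-check the object actually opened: same inode, same owner and mode. */
    if (fstat(fd, &fs) != 0 || fs.st_dev != ls.st_dev || fs.st_ino != ls.st_ino
        || fs.st_uid != ls.st_uid || (fs.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Demo helper: make a constructed sample file (standing in for a library) with
 * the given permission bits, run the check, clean up.  Returns 1 if accepted,
 * 0 if rejected, -1 if the sample could not be created. */
int check_sample_with_mode(mode_t mode)
{
    char path[] = "/tmp/libsample-XXXXXX";
    int fd = mkstemp(path);            /* created 0600, owned by our euid */
    if (fd < 0) return -1;
    close(fd);
    if (chmod(path, mode) != 0) { unlink(path); return -1; }
    int lib = open_trusted_library(path);
    if (lib >= 0) close(lib);
    unlink(path);
    return lib >= 0;
}
```

A group- or world-writable library is rejected even when the owner is right, since anyone with write access could swap its contents between the check and the load.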