Re: [PATCH] [SECURITY] suid procs exec'd with bad 0,1,2 fds

Klaus Lichtenwalder (Klaus.Lichtenwalder@webforum.de)
Sun, 9 Aug 1998 01:00:18 +0100 (WET DST)


On Sat, 8 Aug 1998, Jon Lewis wrote:

> On Fri, 7 Aug 1998, Linus Torvalds wrote:
[...]
> > Yes, the kernel hack can protect you against a limited form of old-style
> > but not yet known exploits. However, I still claim that it's better to
> > find them the hard way rather than not find them at all, and I also claim
> ^^^^^^^^^^^^^^^^^^^^
> That's not an issue either. If a buffer overflow is caught, the system
> complains and logs info about it. You get to find the new bugs _and_
> avoid being rooted.
>
> > that making the no-stack-exec patch the default wouldn't help anyway,
> > because it would just mean that the crackers who _do_ come up with new
> > ideas would take it into account by default, and then the protection is
>
> That's the only downside I see. If there are ways around the patch, and
> if it were to become standard, all new exploits for linux would have to
> take no-stack-exec into account and attempt to work around it. I'm not
> sure there's an easy way around no-stack-exec that doesn't require lots of
> trial and error, meaning a cracker would likely be caught before they get
> far.
>
Correct. But even then I'd leave that patch in the kernel, as there may
be the need to have legacy apps running that don't get corrected.
I also have a phf-trapdoor program running, even though that kind
of exploit is years old. People (kids?) still try it regularly and I
complain to their postmaster (the last time, the postmaster admitted
her domain was hacked by that trick). To me, this patch is totally valid
and I *know* that it covers only some small way into my machine that
existed before. But I try to close every possible way into my machine.
And I prefer looking at an application because its name turned up in a
message in the log file instead of being used as a gateway into my machine
in a way I can't retrace.

-- 
Klaus 
------------------------------------------------------------------------ 
 Klaus Lichtenwalder, Dipl. Inform.,   PGP Key: email to key@Four11.com
 Lichtenwalder@ACM.org                          http://www.wp.com/Klaus
 K.Lichtenwalder@Computer.org                      fax: +49-89-91072699
       Trust no configuration that        --   Me, after the relevant
         you haven't botched yourself     --      experience ...
