Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!news.maxwell.syr.edu!EU.net!main.Germany.EU.net!Dortmund.Germany.EU.net!interface-business.de!usenet
From: j@ida.interface-business.de (J Wunsch)
Newsgroups: comp.unix.bsd.misc,comp.security.unix
Subject: Re: *BSD* Security WWW/Mailing List?
Date: 23 Apr 1997 13:54:43 GMT
Organization: interface business GmbH, Dresden
Lines: 48
Message-ID: <5jl4b3$clb@innocence.interface-business.de>
References: <3356E1CC.299E@softway.com.au> <335798C2.167EB0E7@freebsd.org> <DERAADT.97Apr18181055@zeus.pacifier.com> <slrn5li6bf.rjd.tqbf@char-star.rdist.org> <5jd1jt$m30@web.nmti.com> <slrn5ll06k.kd3.tqbf@char-star.rdist.org> <5jhur6$51u@innocence.interface-business.de> <slrn5lpvmq.1hm.tqbf@char-star.rdist.org>
Reply-To: joerg_wunsch@interface-business.de (Joerg Wunsch)
NNTP-Posting-Host: ida.interface-business.de
X-Newsreader: knews 0.9.6
X-Phone: +49-351-31809-14
X-Fax: +49-351-3361187
X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F 93 21 E0 7D F9 12 D6 4E
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.misc:3070 comp.security.unix:33924

(Removed the BSDi group.)

tqbf@char-star.rdist.org (Thomas H. Ptacek) wrote:

> I doubt that's the case, though, so I think my assertion (FreeBSD being
> the only operating system to have a published hole in crt0 start(), a
> claim which is unaffected by your statement regarding SVR4) is correct.

Ok, I see your point, although it's only minor: the difference is
whether only dynamic or any binary is affected.

> There are other examples of FreeBSD
> enhancements seriously compromising security (how about the terminal type
> in /etc/ttys?

Which `terminal type' that might be a FreeBSD enhancement?  Besides,
/etc/ttys being in the domain of the system administrator, so whatever
it might be, it's at least one order of magnitude less critical.

> I note that no announcement has ever been released about the
> effectiveness of securelevels on afflicted systems.)

What do you wanna hear?  The biggest problem is the X server, since
it's basically doing a job that would better be done in a kernel
driver.  Without an X server, you can use the system easily in
securelevel 2.

I think the biggest omission from the securelevel checks is for
/dev/io, which has only recently been changed to disallow IOPL for any
process if securelevel > 0.  Same goes for the IOPL granting by the
console drivers.

> >OpenBSD started after FreeBSD 2.1, so
> >they could already learn from our mistakes.
>
> This is simply not the case.  The crt0 bug was published after 2.2 was
> released.

No.  Remember, FreeBSD 2.1.7 was quite some months before 2.2.  The
hack that caused the security hole (and this is no doubt the most
embarrassing part of the story) has been diminished to be a bad idea
months before however.  It's only that this change never made it back
to the 2.1 branch.

-- 
J"org Wunsch					       Unix support engineer
joerg_wunsch@interface-business.de       http://www.interface-business.de/~j