Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!news.ysu.edu!news.radio.cz!newsbastard.radio.cz!news.radio.cz!CESspool!news-feed.inet.tele.dk!cpk-news-hub1.bbnplanet.com!news.bbnplanet.com!news.sesqui.net!uuneo.neosoft.com!web.nmti.com!peter
From: peter@nmti.com (Peter da Silva)
Newsgroups: comp.unix.bsd.bsdi.misc,comp.unix.bsd.misc,comp.security.unix
Subject: Re: *BSD* Security WWW/Mailing List?
Date: 23 Apr 1997 20:24:32 GMT
Organization: Network/development platform support, NMTI
Lines: 34
Message-ID: <5jlr60$f7d@web.nmti.com>
References: <3356E1CC.299E@softway.com.au> <slrn5ll06k.kd3.tqbf@char-star.rdist.org> <5jhur6$51u@innocence.interface-business.de> <slrn5lpvmq.1hm.tqbf@char-star.rdist.org>
NNTP-Posting-Host: sonic.nmti.com
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.bsdi.misc:6734 comp.unix.bsd.misc:3071 comp.security.unix:33933

In article <slrn5lpvmq.1hm.tqbf@char-star.rdist.org>,
Thomas H. Ptacek <tqbf@enteract.com> wrote:
> I'm not being malicious; I'm being frank. People "affiliated" with FreeBSD
> have decided to state that OpenBSD has a negligible security advantage
> over FreeBSD - I find this ludicrous and misleading.

If you're talking about me, no, I haven't said any such thing. I simply said that bugs in the C runtime (and as far as I'm concerned anything that runs before user-written code gets in control is the same chunk of code... it's got the same security problems and the same universality and it's just as hard to deal with without fixing the code) are not new. I don't know if SVR4 or SunOS put the code in "start()" or somewhere else, and I don't care. The security impact is the same, and the exact location of the broken code is almost irrelevant.

Anything that's run with inherited privileges that imports an untrusted environment needs to be statically linked.
I don't believe anyone's shared library code is good enough to trust uncritically, though the discussions I've been having offline about my comment have brought up some neat hacks for enhancing as well as "degrading" security.

For the LD_* environment problem, it'd help if it checked whether the library it was running had the same owner as the euid, or root, if euid isn't ruid or euid = 0. That'd make a number of interesting attacks not work.

Similar approaches are also possible on System V, though you'd have to set the setuid bit on all the libraries. I'll explain why if anyone's really interested.

-- 
The Reverend Peter da Silva, ULC, COQO, BOFH, KIBO.

Har du kramat din varg, idag? `-_-'

Vi er alle Kibo. Wir alle sind Kibo.
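
The ownership check suggested in the post for LD_*-supplied libraries, sketched in C as an added example. It is not part of the original post and not code from any BSD or System V loader; the function names `owner_trusted` and `library_fd_trusted` and the uid values are assumptions made for illustration.

```c
/* Added example: ownership check for libraries named via LD_* variables.
   Function names are hypothetical; not taken from any real dynamic loader. */
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

/* Policy only: may a process with these ids load a library owned by lib_owner? */
int owner_trusted(uid_t ruid, uid_t euid, uid_t lib_owner)
{
    /* euid == ruid and not root: no inherited privilege, so no restriction. */
    if (euid == ruid && euid != 0)
        return 1;
    /* setuid (euid != ruid) or root: the owner must be the euid or root. */
    return lib_owner == euid || lib_owner == 0;
}

/* Apply the policy to an already-open library. fstat() on the descriptor
   checks the file that will actually be mapped, not whatever the path
   names at some later moment. */
int library_fd_trusted(int fd)
{
    struct stat st;

    if (fstat(fd, &st) != 0)
        return 0;               /* cannot verify ownership: refuse */
    return owner_trusted(getuid(), geteuid(), st.st_uid);
}

int main(void)
{
    /* Constructed cases: {ruid, euid, library owner}. */
    static const uid_t cases[][3] = {
        {1000, 1000, 2000},     /* ordinary process, someone else's library */
        {1000,    0, 1000},     /* setuid-root, library owned by the caller */
        {1000,    0,    0},     /* setuid-root, root-owned library */
        {1000,   50,   50},     /* setuid to uid 50, library owned by uid 50 */
        {   0,    0, 1000},     /* root process, user-owned library */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("ruid=%u euid=%u owner=%u -> %s\n", (unsigned)cases[i][0],
               (unsigned)cases[i][1], (unsigned)cases[i][2],
               owner_trusted(cases[i][0], cases[i][1], cases[i][2]) ? "load" : "refuse");
    return 0;
}
```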