*BSD News Article 94283



Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!news.ysu.edu!news.radio.cz!newsbastard.radio.cz!news.radio.cz!CESspool!news-feed.inet.tele.dk!cpk-news-hub1.bbnplanet.com!news.bbnplanet.com!news.sesqui.net!uuneo.neosoft.com!web.nmti.com!peter
From: peter@nmti.com (Peter da Silva)
Newsgroups: comp.unix.bsd.bsdi.misc,comp.unix.bsd.misc,comp.security.unix
Subject: Re: *BSD* Security WWW/Mailing List?
Date: 23 Apr 1997 20:24:32 GMT
Organization: Network/development platform support, NMTI
Lines: 34
Message-ID: <5jlr60$f7d@web.nmti.com>
References: <3356E1CC.299E@softway.com.au> <slrn5ll06k.kd3.tqbf@char-star.rdist.org> <5jhur6$51u@innocence.interface-business.de> <slrn5lpvmq.1hm.tqbf@char-star.rdist.org>
NNTP-Posting-Host: sonic.nmti.com
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.bsdi.misc:6734 comp.unix.bsd.misc:3071 comp.security.unix:33933

In article <slrn5lpvmq.1hm.tqbf@char-star.rdist.org>,
Thomas H. Ptacek <tqbf@enteract.com> wrote:
> I'm not being malicious; I'm being frank. People "affiliated" with FreeBSD
> have decided to state that OpenBSD has a negligible security advantage
> over FreeBSD - I find this ludicrous and misleading.

If you're talking about me, no, I haven't said any such thing. I simply said
that bugs in the C runtime (and as far as I'm concerned anything that runs
before user-written code gets in control is the same chunk of code... it's
got the same security problems and the same universality and it's just as hard
to deal with without fixing the code) are not new. I don't know if SVR4 or
SunOS put the code in "start()" or somewhere else, and I don't care. The
security impact is the same, and the exact location of the broken code is
almost irrelevant.

Anything that's run with inherited privileges that imports an untrusted
environment needs to be statically linked. I don't believe anyone's shared
library code is good enough to trust uncritically, though the discussions
I've been having offline about my comment have brought up some neat hacks
for enhancing as well as "degrading" security.

For the LD_* environment problem, it'd help if it checked whether the
library it was running had the same owner as the euid, or root, if euid
isn't ruid or euid = 0. That'd make a number of interesting attacks not
work.

Similar approaches are also possible on System V, though you'd have to
set the setuid bit on all the libraries. I'll explain why if anyone's
really interested.
-- 
           The Reverend Peter da Silva, ULC, COQO, BOFH, KIBO.

Har du kramat din varg, idag? `-_-'                            Vi er alle Kibo.
                                                            Wir alle sind Kibo.
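The ownership rule the post sketches for the LD_* problem (a process with inherited privilege, i.e. euid != ruid or euid == 0, should only load a library owned by its effective uid or by root), written out as a standalone check. This is an added example, not code from the post or from any BSD or System V dynamic linker; it assumes a colon-separated search list in the shape of LD_LIBRARY_PATH, that the check runs before a library is mapped, and the function names are invented for the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Does this process run with privilege it did not get from its invoker?
 * Per the post: euid differs from ruid (setuid/setgid binary) or euid is 0. */
bool privileged_process(uid_t ruid, uid_t euid)
{
    return euid != ruid || euid == 0;
}

/* Policy decision, isolated from the filesystem so it can be tested directly:
 * a privileged process may only load a library owned by its euid or by root.
 * An unprivileged process is not restricted (nothing extra to protect). */
bool library_owner_trusted(uid_t lib_owner, uid_t ruid, uid_t euid)
{
    if (!privileged_process(ruid, euid))
        return true;
    return lib_owner == euid || lib_owner == 0;
}

/* Apply the policy to a file on disk.  Returns 1 if the library may be
 * loaded, 0 if the ownership rule rejects it, and -1 if the path cannot be
 * stat'ed or is not a regular file. */
int check_library_file(const char *path, uid_t ruid, uid_t euid)
{
    struct stat st;

    if (stat(path, &st) != 0)
        return -1;
    if (!S_ISREG(st.st_mode))
        return -1;
    return library_owner_trusted(st.st_uid, ruid, euid) ? 1 : 0;
}

/* Walk a colon-separated search list (assumed LD_LIBRARY_PATH shape) and
 * return the first copy of `libname` that passes the check, writing its path
 * into `out`.  A rejected copy is skipped rather than ending the search, so
 * an attacker-owned copy earlier in the list cannot shadow a root-owned one.
 * Empty components are skipped (no implicit "current directory"). */
const char *find_trusted_library(const char *search_path, const char *libname,
                                 uid_t ruid, uid_t euid,
                                 char *out, size_t outlen)
{
    const char *p = search_path;

    while (*p) {
        const char *end = strchr(p, ':');
        size_t len = end ? (size_t)(end - p) : strlen(p);

        if (len > 0) {
            int n = snprintf(out, outlen, "%.*s/%s", (int)len, p, libname);
            if (n > 0 && (size_t)n < outlen &&
                check_library_file(out, ruid, euid) == 1)
                return out;
        }
        if (!end)
            break;
        p = end + 1;
    }
    return NULL;
}

/* Usage: ./ldcheck "<dir>:<dir>..." <libname>
 * Evaluates the policy for the uids of the running process. */
int main(int argc, char **argv)
{
    char found[4096];
    const char *hit;

    if (argc != 3) {
        fprintf(stderr, "usage: %s search_path libname\n", argv[0]);
        return 2;
    }
    hit = find_trusted_library(argv[1], argv[2], getuid(), geteuid(),
                               found, sizeof found);
    if (hit)
        printf("accept %s (ruid=%u euid=%u)\n", hit,
               (unsigned)getuid(), (unsigned)geteuid());
    else
        printf("no trusted copy of %s on the search path\n", argv[2]);
    return hit ? 0 : 1;
}
```

The split between `library_owner_trusted` and `check_library_file` is deliberate: the policy is the interesting part and should be testable without a setuid binary on hand, while the stat wrapper is where the ownership fact actually comes from. Refusing non-regular files keeps a symlink or device node from being accepted on the strength of its own owner.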