Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!cpk-news-hub1.bbnplanet.com!news.bbnplanet.com!EU.net!main.Germany.EU.net!Dortmund.Germany.EU.net!interface-business.de!usenet
From: j@ida.interface-business.de (J Wunsch)
Newsgroups: comp.unix.bsd.misc,comp.security.unix
Subject: Re: *BSD* Security WWW/Mailing List?
Date: 28 Apr 1997 12:54:34 GMT
Organization: interface business GmbH, Dresden
Lines: 71
Message-ID: <5k26ma$mr0@innocence.interface-business.de>
References: <3356E1CC.299E@softway.com.au> <335798C2.167EB0E7@freebsd.org> <DERAADT.97Apr18181055@zeus.pacifier.com> <slrn5li6bf.rjd.tqbf@char-star.rdist.org> <5jd1jt$m30@web.nmti.com> <slrn5ll06k.kd3.tqbf@char-star.rdist.org> <5jhur6$51u@innocence.interface-business.de> <slrn5lpvmq.1hm.tqbf@char-star.rdist.org> <5jl4b3$clb@innocence.interface-business.de> <slrn5lt11e.ela.tqbf@char-star.rdist.org>
Reply-To: joerg_wunsch@interface-business.de (Joerg Wunsch)
NNTP-Posting-Host: ida.interface-business.de
X-Newsreader: knews 0.9.6
X-Phone: +49-351-31809-14
X-Fax: +49-351-3361187
X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F 93 21 E0 7D F9 12 D6 4E
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.misc:3104 comp.security.unix:34090

tqbf@char-star.rdist.org (Thomas H. Ptacek) wrote:

> >Besides, /etc/ttys being in the domain of the system administrator, so
> >whatever it might be, it's at least one order of magnitude less
> >critical.
>
> Uh. It completely breaks securelevels. I think that's fairly critical.
> Don't you? As stated months ago (I again note that no announcement was
> made regarding this problem), PID 1 can lower the securelevel (few people
> realize this).

I didn't realize this either. I personally think that's not a good
idea at all.
If you intend to do system maintenance, you can as well
reboot the machine into single-user mode, as opposed to shutting it
down into single-user (presumably the only reason why PID 1 is allowed
to lower the securelevel). What do you think?

> /sbin/init, running on most systems at PID 1, has a stack
> overflow involving a gettyent() pulling in an overly-long terminal type
> from /etc/ttys.
>
> I don't think this is an "order of magnitude" less critical than anything.

It's an order of magnitude less critical than the crt0 problem, since
it's still restricted to people with root privilege. If somebody can
gain unauthorized root privs, _there_ is the problem.

> >securelevel 2. I think the biggest omission from the securelevel
> >checks is for /dev/io, which has only recently been changed to
>
> Pretty humorous, neh? I don't suppose any of you have bothered to ask Mr.
> de Raadt about other potential problems with securelevels? He is, as you

I'm not in a position to ask Mr. de Raadt anything, sorry. Last time
I did (and suggested that he submit his enhancements to phkmalloc to
the author, after him publicly complaining that the FreeBSD team were
ignoring his modifications), I got such a rude reply (for no other
reason than being a member of the FreeBSD development team,
apparently) that I've now put this case aside as being hopeless. It's
sad, but I cannot change it.

No, unlike somebody we both know, I'm not going to post private mail
in public.

> >months before however. It's only that this change never made it back
> >to the 2.1 branch.
>
> That's not true. As I stated when I alerted you to the problem in the
> first place, 2.2 was, at the time, completely vulnerable as well.

But you were wrong about this. The library bug was still there, but not
the crt0 hole. The library code itself was inherited from CSRG, as
you certainly know as well.

----------------------------
revision 1.21
date: 1995/11/02 12:42:42;  author: ache;  state: Exp;  lines: +1 -12
Remove my locale hack.  Sigh.
----------------------------

This doesn't exactly predate the foundation of OpenBSD, but it was
less than one month after this foundation (according to the checkin
date of CVS's ``modules'' file on 1995/10/14), and quite some time
before OpenBSD started to concentrate on security issues.

-- 
J"org Wunsch                                  Unix support engineer
joerg_wunsch@interface-business.de    http://www.interface-business.de/~j