Bugtraq mailing list archives

Re: Lets make sure these are fixed (was: Tim Newsham)


From: avalon () coombs anu edu au (Darren Reed)
Date: Tue, 4 Oct 1994 19:48:16 +1000 (EST)


[...]
Question I have is - how does doing all those saves and restores in
SPARC assembler result in the user being able to modify the ucred struct
in a running program without privs to modify memory directly?  I suppose
a workaround would be to (cringe) disable ps temporarily, or for those
who can, modify it to not show that address info and deny the info
needed to find the ucred struct in a running program, at least until a
real fix is devised.  Perhaps another idea would be to devise some test
to result in the process being killed when a user overflows the register
windows (hell, I'm really groping here, so bear with me).

There are patches for the stack frame bug and restricting access just won't
work at all.  The program is writing/reading /dev/kmem (effectively).

Even if the kernel executable is unreadable so you can't get a namelist
easily, you're still no better off than stopping this one particular
script from working.

[...]
'Bout time source licenses (for reconfig rights only, not derived works,
a hefty fee and royalties are appropriate for that) became more affordable
so honest folk would have access and a better chance of dealing with
these people.  That would at least allow enough differences to be
introduced that crackers would not be assured of identical conditions
from site to site.
[...]

It also creates more work for you.  Having binary distribs is sometimes
a blessing in disguise if you're busy.

It is also more work for Sun, they have to distribute source code updates
as well as binary updates in patches.  And then you have to patch and
recompile.

But, if you've got source code, keeping it any place on the net in an
accessible (even if read-only) is counterproductive if you have any
security goals.

IF 4.4-Lite has `bin mail' fixed, then why not buy a 4.4-Lite CD-ROM,
compile theirs and use that in place of Sun's ?  That's what I'd do.
You'll have the source code too.  Heck, why not `upgrade'/install
netbsd-sparc ?  It's binary compatible, to the point of being able to
run X11R5 on a Sun4c.  It's currently not totally bug-free, but you *do*
have source to patch yourself as needed.

How many other bits and pieces now have plug-in replacements in the
interests of security ?  Hmmm ?  That's why we have packages like
logdaemon, etc.  rm those insecure/unknown binaries and use source
code..

darren


