Firewall Wizards mailing list archives
Re: syscall wrappers (was Re: chroot useful?)
From: George Ross <gdmr () dcs ed ac uk>
Date: Tue, 18 Nov 1997 09:52:06 +0000
... Nicer still would be to integrate the facility down in the kernel proper, on the far side of the syscall interface; rather than wrapping the syscalls in libc, actually indirect them on the far side of the syscall interface so the original (unwrapped) syscalls aren't available through any calling interface in the client program. ...
I remember doing this a few years ago to a lab of Sun 3/50 machines running SunOS 4.0.3. The system call vector was one of the kernel files distributed in source form, so I was able to fix chmod, fchmod and umask (I think that was the lot) so that they returned EPERM unless the caller's group ID was below a certain threshold. And that, together with 0700-mode home directories, quotas on /tmp and /usr/tmp, and a primitive kind of rlogin wrapper, was enough to bring the incidence of hacking down from huge to zero -- it was remarkably effective. Back then, of course, 3/50s were new and exciting (well, sort of...). A couple of years later the University had installed some much more desirable machines, and our labs weren't nearly such tempting hacker targets.

--
Dr George D M Ross, Department of Computer Science, University of Edinburgh
Kings Buildings, Mayfield Road, Edinburgh, Scotland, EH9 3JZ
Mail: gdmr () dcs ed ac uk  Voice: +44 131 650 5147  Fax: +44 131 667 7209
PGP: 1024/B74A4F7D  14 E8 B3 00 20 04 68 F8  95 40 CB 36 A4 D4 FA 90
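
A present-day Linux analogue of the restriction described in the message above, as an added example that is not part of the original post: a seccomp-BPF filter, enforced on the kernel side of the syscall interface, makes chmod, fchmod, fchmodat and umask return EPERM for a process whose group ID is at or above a threshold. The function names, the user-space threshold check made before the filter is installed, and the scratch file are assumptions of this example; the original changed the SunOS system call vector itself.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* If the loaded syscall number equals nr, fail the call with EPERM. */
#define DENY(nr) \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM)

/* Kernel-enforced, inherited across fork/exec; native ABI only (no arch check). */
static int deny_mode_changes(void) {
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
#ifdef __NR_chmod  /* absent on some architectures, e.g. aarch64 */
        DENY(__NR_chmod),
#endif
        DENY(__NR_fchmod),
        DENY(__NR_fchmodat),
        DENY(__NR_umask),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fp = { .len = sizeof prog / sizeof prog[0], .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fp);
}

/* Hypothetical login-wrapper policy: a child whose gid is at or above the
 * threshold gets the filter, then tries fchmod(); returns the errno it saw. */
int fchmod_errno_for_gid(gid_t gid, gid_t threshold) {
    char path[] = "/tmp/modefilterXXXXXX";  /* constructed scratch file */
    int fd = mkstemp(path), status = 0;
    if (fd < 0) return -1;
    pid_t pid = fork();
    if (pid == 0) {
        if (gid >= threshold && deny_mode_changes() != 0) _exit(255);
        _exit(fchmod(fd, 0644) == 0 ? 0 : errno);
    }
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) status = -1;
    close(fd);
    unlink(path);
    return status < 0 ? -1 : WEXITSTATUS(status);
}
```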