Re: Code that crashes kernel at will + proposed patch
At Monday 12/3/2001 12:15 AM +0100, Artur wrote:
>Chad Loder <cloder@acm.org> writes:
>
> > I was able to reproduce this on OpenBSD 2.9-STABLE.
> >
> > The "Stephanie" TPE patch seems to protect against
> > non-root exploitation of this DoS.
> >
> > http://www.packetfactory.net/Projects/Stephanie/
>
>No it doesn't, unless you explicitly disallow your users to exec their own
>binaries.
That's *exactly* what Stephanie is used for. To quote from
the docs:
"A trusted path is one where the parent directory is owned
by root and is neither group or other writeable. The TPE works
off an internal list of trusted user id's. If a given user
tries to execute a file not in a trusted path, and their user
id is not in the kernels trusted list, they are denied execution
privileges. In real terms, this means they can't download,
compile and run krad-sploit.c. "
c