[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: OpenBSD rootkit?

To: Jolan Luff <jolan@enteract.com>
Subject: Re: OpenBSD rootkit?
From: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>
Date: Sun, 14 Jul 2002 11:44:25 +0200
Cc: tech@openbsd.org
Content-Disposition: inline
References: <20020714162911.H869@tigerteam.net> <Pine.BSF.4.32L2.0207140408110.42129-100000@shell-3.enteract.com>
User-Agent: Mutt/1.4i

On Sun, Jul 14, 2002, Jolan Luff wrote:
> ssh -> privsep
> apache -> chroot

Chroot provides almost no extra security. It can be abused in many
ways when attacker gets uid=0 inside. And this is possible with a little
help from kernel bugs. 

Jail(2) syscall from FreeBSD provides limited environment and the
*real* security for imprisoning processes.

> there's no promises. just a humble mention of "1 remote hole in 6
> years". pretty damn good.

This claim is wrong, OpenSSH was vulnerable to CRC32 integer overflow
two years ago.

-- 
* Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
* Inet: przemyslaw@frasunek.com ** PGP: D48684904685DF43EA93AFA13BE170BF *

Follow-Ups:
- Re: OpenBSD rootkit?
  - From: Theo de Raadt <deraadt@cvs.openbsd.org>
- Re: OpenBSD rootkit?
  - From: Rukh <rukh@rukh.net>
- Re: OpenBSD rootkit?
  - From: Theo de Raadt <deraadt@cvs.openbsd.org>
- Re: OpenBSD rootkit?
  - From: Henning Brauer <lists-openbsdtech@bsws.de>
- Re: OpenBSD rootkit?
  - From: Artur Grabowski <art@blahonga.org>

References:
- Re: OpenBSD rootkit?
  - From: Fyodor <fygrave@tigerteam.net>
- Re: OpenBSD rootkit?
  - From: Jolan Luff <jolan@enteract.com>

Prev by Date: Re: OpenBSD rootkit?
Next by Date: Re: OpenBSD rootkit?
Prev by thread: Re: OpenBSD rootkit?
Next by thread: Re: OpenBSD rootkit?
Index(es):
- Date
- Thread