Re: Mounting filesystems with "noexec"

Board: FB_security | Posted: 2005/09/24 01:23 | Post 7 of 8 in thread
>> Borja Marcos wrote:
>>
>> Hello,
>>
>> I've been playing a bit with the "noexec" flag for filesystems. It can
>> represent a substantial obstacle against the exploitation of security
>> holes.
>
> I think TPE (trusted path execution) would be the preferred solution to
> this problem. As others have pointed out, circumventing the 'noexec'
> attribute is pretty easy. That said, I don't think it is a bad idea to
> use this, but one should be aware of how this defense might be defeated.
>
> Instead of running "./script.sh" or "./script.pl" you just have to type
> /bin/sh script.sh or /usr/bin/perl script.pl which gives pretty much
> everything you need when it comes to using exploits. In Linux you could
> also circumvent it by using /lib/ld.so exploit, but I'm not sure if that
> is "fixed" now or not.
>
> TPE requires all the binaries and subpaths to be owned by root. ie
> /home/, /home/user and /home/user/file need to be owned by root to allow
> execution. GRSec for Linux provides this functionality as well as
> Stephanie does for OpenBSD.
>
> Both solve the problems with interpreters as well, but I haven't looked
> into how, just used a system that uses TPE. If there are problems with
> TPE that people know about, please tell. Obvious things are mounted
> filesystems from other machines, like NFS.
>
> /andreas

IMHO, it can be used as a security layer, if the noexec partition is used by a chroot'ed application. chroot'ing on the noexec partition would increase the efficiency of noexec.

I think at least the intruder won't feel in a comfortable environment when exploiting the chrooted application...

--Aristeu

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
Article ID (AID): #13D3eC00 (FB_security)
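
The ownership rule described in the quoted message (every path component down to the file must be owned by root), written out as an added example that is not part of the original thread and is not grsecurity's or Stephanie's code. The function names, the constructed sample table and the extra group/world-writable check are assumptions made here.

```python
import os
import stat
from pathlib import PurePosixPath
from types import SimpleNamespace

TRUSTED_UIDS = frozenset({0})  # root only, as the post describes


def path_components(path):
    """Return ['/', '/home', '/home/user', ...] for an absolute path."""
    p = PurePosixPath(path)
    if not p.is_absolute():
        raise ValueError("absolute path required: %r" % (path,))
    return [str(c) for c in list(p.parents)[::-1]] + [str(p)]


def tpe_violations(path, trusted_uids=TRUSTED_UIDS, lstat=os.lstat):
    """Return [(component, reason)] for each component that fails the policy.

    Pass an already-resolved path (os.path.realpath); symlinks are not followed.
    """
    problems = []
    for comp in path_components(path):
        st = lstat(comp)
        if st.st_uid not in trusted_uids:
            problems.append((comp, "owned by uid %d" % st.st_uid))
        elif st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            # Assumption beyond the post: a trusted owner is not enough if
            # other users can still write to the component.
            problems.append((comp, "group/world writable"))
    return problems


# Constructed sample metadata, path -> (uid, mode); not from a real host.
SAMPLE_FS = {
    "/": (0, 0o40755), "/usr": (0, 0o40755), "/usr/bin": (0, 0o40755),
    "/usr/bin/perl": (0, 0o100755), "/home": (0, 0o40755),
    "/home/user": (1001, 0o40755), "/home/user/file": (1001, 0o100755),
    "/tmp": (0, 0o41777), "/tmp/tool": (0, 0o100755),
}


def sample_lstat(path):
    uid, mode = SAMPLE_FS[path]
    return SimpleNamespace(st_uid=uid, st_mode=mode)


if __name__ == "__main__":
    for target in ("/usr/bin/perl", "/home/user/file", "/tmp/tool"):
        print(target, tpe_violations(target, lstat=sample_lstat) or "allowed")
```

Called without the `lstat` argument, `tpe_violations` reads real metadata through `os.lstat`, so it can be used to audit which directories on a host would pass such a policy.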