Re: rtld issue, MAC subsystem suggestion
On Dec 3, 2009, at 1:45 PM, Borja Marcos wrote:
> There's a wrong assumption I made: the MAC subsystem should make a =
root exploit hard to achieve, and the latest security issue shows that =
indeed that's not necessarily the case. I chose not to chroot the =
runnnig CGI's so that they saw a complete operating system, avoiding the =
costs of lots of phone calls to support because their script got a text =
file and ran awk on it, etc, etc, you know. Keeping lots of copies of =
the OS is quite ineffective. And restricting access to mostly harmless =
programs such as ping can be a problem as well. One of my compromises =
(wrong, maybe) was to offer the closest thing to a complete system as =
possible.
Which brings an idea... I understand it might sound a bit ad-hoc after =
this problem, but how about extending the usage of the MAC subsystem so =
that MAC policies are enforced for such things as the dynamic linker? It =
would certainly put a stop to a whole class of attacks.
If a program with a given integrity label tried to link with a lower =
integrity shared library maybe the operation should fail. Same should =
apply to mac/mls.=20
I see no reason to allow that behavior to succeed, and plenty of reasons =
for the MAC policies to be applied.
Borja.
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"