Re: kernel module for chmod restrictions while in securelevel on
The module/change never proposed to stop the exploit. There's no reason
to attack someone trying to help the community. It's merely adding on
top of the already existing securelevel restrictions, such as chflags
restrictions. It makes a lot of sense to restrict setuid/setgid when in
securelevel, based on the fact that flags are as well.
But maybe securelevel should just be removed? By your arguments it's
useless, makes the system unstable and gives a false sense of security.
Bryan
On 7/31/2010 10:39 AM, Chris Walker wrote:
> Hi list
>
> #1 Not same exploit referenced in URL.
> #2 Not same bug, although you had the function right, sort of.
> #3 That kernel module is useless: The exploit in the wild has already changed to bypass such restriction.
> #4 The bug is already patched, upgrade your kernel.
> #5 If you intend on introducing a kernel module that potentially makes your system unstable, make sure it actually fixes the bug. This workaround merely made the exploit grow more lethal, and provides a FALSE sense of a security, and as such I would *STRONGLY* discourage use of this kernel module.
>
> This is a perfect example of why software developers never ever will be able to fight blackhat hackers: Ignorance.
>
> Thanks.
>
> On Jul 31, 2010, at 2:59 PM, Istv嫕 wrote:
>
>> http://www.securiteam.com/exploits/6P00C00EKO.html
>>
>> <http://www.securiteam.com/exploits/6P00C00EKO.html>HTH
>>
>> On Sat, Jul 31, 2010 at 1:41 PM, Kostik Belousov <kostikbel@gmail.com>wrote:
>>
>>> On Fri, Jul 30, 2010 at 11:18:39PM -0700, Selphie Keller wrote:
>>>> Kernel module for chmod restrictions while in securelevel one or higher:
>>>> http://gist.github.com/501800 (fbsd 8.x)
>>>>
>>>> Was looking at the new recent sendfile/mbuf exploit and it was using a
>>>> shellcode that calls chmod syscall to make a setuid/setgid binary.
>>> However
>>> Can you point to the exploit (code) ?
>>>
>>
>>
>> --
>> the sun shines for all
>>
>> http://l1xl1x.blogspot.com
>> _______________________________________________
>> freebsd-security@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-security
>> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
>>
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 6 之 8 篇):