Another cool attack on this mechanism is if the binary uses shared libraries: modify LD_LIBRARY_PATH so that its favorite shared library is your own version of the library, that proceeds to dump the entire application to disk when executed.
The challenge of adding additional sandbox/restrictions outside of the traditional uid boundaries in UNIX is challenging. The number of ways to influence a program's execution is quite sizable...

On Sun, 25 Jul 1999 jko...@freebsd.org wrote:

> jk> Yes, but /if/ KTRACE is present, today's code allows you to bypass
> jk> the lack of read permissions on an executable. That shouldn't be
> jk> allowed. The current behaviour could be regarded as a security
> jk> hole actually :).
>
> sef> No more so than core dumps do.
>
> Yes, but an application can protect itself from an inadvertent core dump.
> It can't (today) against being ktrace'd.
>
> sef> I vote strongly against this change.
>
> Noted, thanks.
>
> I will summarize the result of the discussion in a followup to kern/3546.
>
> Regards,
> Koshy
>
> To Unsubscribe: send mail to majord...@freebsd.org
> with "unsubscribe freebsd-hackers" in the body of the message

Robert N M Watson
rob...@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Computing Laboratory at Cambridge University
Safeport Network Services
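The quoted exchange notes that an application can protect itself from an inadvertent core dump but (in 1999) not from being ktrace'd. As an added illustration of that self-protection, not code from the thread or from FreeBSD, the following C program zeroes its own core-file limit with the POSIX `setrlimit()` interface and then verifies the setting; the function names are my own.

```c
/* Added example: a process refusing to leave a core image behind.  This is
 * the defence the discussion above says an application has against core
 * dumps (and, as Koshy points out, had no equivalent against ktrace). */
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>

/* Set both the soft and the hard core-file size limits to zero.  Lowering
 * the hard limit is irreversible for an unprivileged process, so neither the
 * application nor any code it later loads can raise it again.  Returns 0 on
 * success, -1 on failure (errno is set by setrlimit). */
int disable_core_dumps(void)
{
    struct rlimit rl;
    memset(&rl, 0, sizeof rl);      /* rlim_cur = rlim_max = 0 */
    return setrlimit(RLIMIT_CORE, &rl);
}

/* Report whether a core dump is currently impossible for this process:
 * 1 if both limits are zero, 0 if either still permits a non-empty core
 * file, -1 if the limit could not be read. */
int core_dumps_disabled(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_CORE, &rl) != 0)
        return -1;
    return (rl.rlim_cur == 0 && rl.rlim_max == 0) ? 1 : 0;
}

int main(void)
{
    if (disable_core_dumps() != 0) {
        perror("setrlimit(RLIMIT_CORE)");
        return 1;
    }
    printf("core dumps disabled: %s\n",
           core_dumps_disabled() == 1 ? "yes" : "no");
    return 0;
}
```

The limit is inherited across fork() and execve(), so a wrapper that calls this before exec'ing an execute-only binary covers that child as well.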