Re: Disturbing news..

On Wed, 28 Mar 2001, Jesse Pollard wrote: > Sure - very simple. If the execute bit is set on a file, don't allow > ANY write to the file. This does modify the permission bits slightly > but I don't think it is an unreasonable thing to have. Oh, honestly! Think about what you are saying here: Wha

Re: Disturbing news..

Walter Hofmann <[EMAIL PROTECTED]>: > On Wed, 28 Mar 2001, Jesse Pollard wrote: [snip] > > Now, if ELF were to be modified, I'd just add a segment checksum > > for each segment, then put the checksum in the ELF header as well as > > in the/a segment header just to make things harder. At exec time

Re: Disturbing news..

On Wed, 28 Mar 2001, Jesse Pollard wrote: > By itself it doesn't - but if you also don't have user/group/world rw and > don't own the file, you can't do anything to it. This is all completely useless. Why not remove world rw permissions in the first place. If the admin isn't even able to write

Re: Disturbing news..

Ben Ford wrote: > > There are two problems I see here. First, there are several known ways > to elevate privileges. Fixable, except from guessing the root password which is hard. > If a virus can elevate privileges, then it owns > you. Second, this is a multi-OS virus. If you dual-boot int

Re: Disturbing news..

On Wed, 28 Mar 2001 [EMAIL PROTECTED] wrote: > Jesse Pollard writes: > > Absolutely true. The only help the checksumming etc stuff is good for is > > detecting the fact afterward by external comparison. > > Don't we already have that to some extent? rpm -ya or rpm -y > on a RedHat system? I'm

Re: Disturbing news..

Simon Williams wrote: > In message <[EMAIL PROTECTED]>, Olivier Galibert > <[EMAIL PROTECTED]> writes > >> On Wed, Mar 28, 2001 at 03:04:46PM +0100, Simon Williams wrote: >> >>> I think their point was that a program could only change permissions >>> of a file that was owned by the same owner.

Re: Disturbing news..

On Wed, Mar 28, 2001 at 04:49:26PM +0100, Simon Williams wrote: > What I meant was that if a file is owned by root with permissions of, > say, 555 (r-xr-xr-x), not setuid or setgid, then another executable > run as a non-root user cannot modify it or change the permissions to > 7 (rwx). It's alre

Re: Disturbing news..

Shawn Starr <[EMAIL PROTECTED]> said: > Well, why can't the ELF loader module/kernel detect or have some sort of > restriction on modifying other/ELF binaries including itself from changing > the Entry point? Because there are quite valid reasons for "normal" programs (e.g., ld(1) and other binar

Re: Disturbing news..

On Wed, Mar 28, 2001 at 09:57:47AM -0500, Alexander Viro wrote: > > On Wed, 28 Mar 2001, Romano Giannetti wrote: > > > Now the binary can do much less harm than before, or am I missing something? > > It have no access to real user data, but can use the system library and > > services without cha

Re: Disturbing news..

john slee <[EMAIL PROTECTED]> says: >On Wed, Mar 28, 2001 at 03:10:08PM +0100, Sean Hunter wrote: >> On Wed, Mar 28, 2001 at 06:08:15AM -0600, Jesse Pollard wrote: >> > Sure - very simple. If the execute bit is set on a file, don't allow >> > ANY write to the file. This does modify the permissio

Re: Disturbing news..

Jesse Pollard writes: > Absolutely true. The only help the checksumming etc stuff is good for is > detecting the fact afterward by external comparison. Don't we already have that to some extent? rpm -ya or rpm -y on a RedHat system? I'm sure that there is a Debian equivalent. -- Russell King

Re: Disturbing news..

In message <[EMAIL PROTECTED]>, Olivier Galibert <[EMAIL PROTECTED]> writes >On Wed, Mar 28, 2001 at 03:04:46PM +0100, Simon Williams wrote: >> I think their point was that a program could only change permissions >> of a file that was owned by the same owner. If a file is owned by a >> different

Re: Disturbing news..

Russell King <[EMAIL PROTECTED]> > > On Wed, Mar 28, 2001 at 08:40:42AM -0600, Jesse Pollard wrote: > > Now, if ELF were to be modified, I'd just add a segment checksum > > for each segment, then put the checksum in the ELF header as well as > > in the/a segment header just to make things harder.

Re: Disturbing news..

Russell King <[EMAIL PROTECTED]>: > On Wed, Mar 28, 2001 at 08:15:57AM -0600, Jesse Pollard wrote: > > objcopy - copies object files. Object files are not marked executable... > > objcopy copies executable files as well - check the kernel makefiles > for examples. At the time it's copying, the i

Re: Disturbing news..

Sean Hunter <[EMAIL PROTECTED]>: > On Wed, Mar 28, 2001 at 06:08:15AM -0600, Jesse Pollard wrote: > > Sure - very simple. If the execute bit is set on a file, don't allow > > ANY write to the file. This does modify the permission bits slightly > > but I don't think it is an unreasonable thing to h

Re: Disturbing news..

[cc list trimmed] On Wed, Mar 28, 2001 at 03:10:08PM +0100, Sean Hunter wrote: > On Wed, Mar 28, 2001 at 06:08:15AM -0600, Jesse Pollard wrote: > > Sure - very simple. If the execute bit is set on a file, don't allow > > ANY write to the file. This does modify the permission bits slightly > > but

Re: Disturbing news..

On Wed, Mar 28, 2001 at 08:40:42AM -0600, Jesse Pollard wrote: > Now, if ELF were to be modified, I'd just add a segment checksum > for each segment, then put the checksum in the ELF header as well as > in the/a segment header just to make things harder. At exec time a checksum > verify could (exp

Re: Disturbing news..

On Wed, Mar 28, 2001 at 03:04:46PM +0100, Simon Williams wrote: > I think their point was that a program could only change permissions > of a file that was owned by the same owner. If a file is owned by a > different user & has no write permissions for any user, the program > can't modify the fil

Re: Disturbing news..

On Wed, Mar 28, 2001 at 04:32:44PM +0200, Romano Giannetti wrote: > But with the new VFS semantics, wouldn't be possible for a MUA to make a > thing like the following: > > spawn a process with a private namespace. Here a minimun subset of the > "real" tree (maybe all / except /dev) is mounted r

Re: Disturbing news..

On Wed, Mar 28, 2001 at 08:15:57AM -0600, Jesse Pollard wrote: > objcopy - copies object files. Object files are not marked executable... objcopy copies executable files as well - check the kernel makefiles for examples. -- Russell King ([EMAIL PROTECTED])The developer of ARM Lin

Re: Disturbing news..

On Wed, 28 Mar 2001, Romano Giannetti wrote: > Now the binary can do much less harm than before, or am I missing something? > It have no access to real user data, but can use the system library and > services without changing anything in the system. You mean, like mailbombing the living hell

Re: Disturbing news..

- Received message begins Here - > > On Wed, Mar 28, 2001 at 06:08:15AM -0600, Jesse Pollard wrote: > > Sure - very simple. If the execute bit is set on a file, don't allow > > ANY write to the file. This does modify the permission bits slightly > > but I don't think it is an u

Re: Disturbing news..

> > > > On Wed, 28 Mar 2001, Jesse Pollard wrote: > > > >Any idea? > > > > Sure - very simple. If the execute bit is set on a file, don't allow > > ANY write to the file. This does modify the permission bits slightly > > but I don't think it is an unreasonable thing to have. > > And how exac

Re: Disturbing news..

Notice: this is my first post to l-k since some bug report as old as 0.99... so please be kind, don't beat me to hard. On Wed, Mar 28, 2001 at 08:25:46AM -0500, Alexander Viro wrote: > If you run untrusted binaries - you are screwed. If you run > them as root - all users on your system are sc

Re: Disturbing news..

Keith Owens <[EMAIL PROTECTED]> > > On Wed, 28 Mar 2001 06:08:15 -0600, > Jesse Pollard <[EMAIL PROTECTED]> wrote: > >Sure - very simple. If the execute bit is set on a file, don't allow > >ANY write to the file. This does modify the permission bits slightly > >but I don't think it is an unreaso

Re: Disturbing news..

On Wed, Mar 28, 2001 at 06:08:15AM -0600, Jesse Pollard wrote: > Sure - very simple. If the execute bit is set on a file, don't allow > ANY write to the file. This does modify the permission bits slightly > but I don't think it is an unreasonable thing to have. > Are we not then in the somewhat

Re: Disturbing news..

In message , Walter Hofmann <[EMAIL PROTECTED]> writes > > >On Wed, 28 Mar 2001, Jesse Pollard wrote: > >> >Any idea? >> >> Sure - very simple. If the execute bit is set on a file, don't allow >> ANY write to the file. This does modify the permiss

Re: Disturbing news..

Jesse Pollard wrote: > On Wed, 28 Mar 2001, Shawn Starr wrote: > >> Well, why can't the ELF loader module/kernel detect or have some sort of >> restriction on modifying other/ELF binaries including itself from changing >> the Entry point? >> >> There has to be a way stop this. WHY would anyone

Re: Disturbing news..

On Wed, 28 Mar 2001, Shawn Starr wrote: > > http://news.cnet.com/news/0-1003-200-5329436.html?tag=lh > > Isn't it time to change the ELF format to stop this crap? If you run untrusted binaries - you are screwed. If you run them as root - all users on your system are screwed. If your MUA (

Re: Disturbing news..

On Wed, Mar 28, 2001 at 06:08:15AM -0600, Jesse Pollard wrote: > Sure - very simple. If the execute bit is set on a file, don't allow > ANY write to the file. This does modify the permission bits slightly > but I don't think it is an unreasonable thing to have. Even easier method - remove the wri

Re: Disturbing news..

On Wed, 28 Mar 2001, Jesse Pollard wrote: > >Any idea? > > Sure - very simple. If the execute bit is set on a file, don't allow > ANY write to the file. This does modify the permission bits slightly > but I don't think it is an unreasonable thing to have. And how exactly does this help? fchm

Re: Disturbing news..

On Wed, 28 Mar 2001 06:08:15 -0600, Jesse Pollard <[EMAIL PROTECTED]> wrote: >Sure - very simple. If the execute bit is set on a file, don't allow >ANY write to the file. This does modify the permission bits slightly >but I don't think it is an unreasonable thing to have. man strip man objcopy m

Re: Disturbing news..

:16:02 -0500 (EST) >> > From: Shawn Starr <[EMAIL PROTECTED]> >> > To:<[EMAIL PROTECTED]> >> > Subject: Disturbing news.. >> > >> > http://news.cnet.com/news/0-1003-200-5329436.html?tag=lh >> > Isn't it time to ch

Re: Disturbing news..

Shawn Starr wrote: > > http://news.cnet.com/news/0-1003-200-5329436.html?tag=lh > > Isn't it time to change the ELF format to stop this crap? > Nothing to worry about. A sane distribution have all executables installed read-only and owned by root or some non-user. Email appliacations and fil

Re: Disturbing news..

01:16:02 -0500 (EST) > > From: Shawn Starr <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Subject: Disturbing news.. > > > > http://news.cnet.com/news/0-1003-200-5329436.html?tag=lh > > Isn't it time to change the ELF format to stop this crap

Re: Disturbing news..

On Wed, Mar 28, 2001 at 01:16:02AM -0500, Shawn Starr wrote: > Date: Wed, 28 Mar 2001 01:16:02 -0500 (EST) > From: Shawn Starr <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Subject: Disturbing news.. > > http://news.cnet.com/news/0-1003-200-5329436.html?tag=lh

Re: Disturbing news.. Idea

Why not make a new file permission? to deny a ELF binary the ability to modify the ELF entry point? like +p if the file had +p (by default) the kernel would deny the ELF binary the ability to modify files. Shawn. On Wed, 28 Mar 2001, Shawn Starr wrote: > > http://news.cnet.com/news/0-1003-20

Disturbing news..

http://news.cnet.com/news/0-1003-200-5329436.html?tag=lh Isn't it time to change the ELF format to stop this crap? Shawn. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majo