On Thu, 22 Sep 2005 [email protected] wrote:
> Hi people,
>
> I'm doing a new feature for linux kernel 2.6 to protect against all kinds of buffer
> overflow. It works with new sys_control() system call controling if a process can or can't
> call a system call ie. sys_execve();
>
Are you aware that there are very few 'built-in' commands in
any of the shells? If a user can't execute anything, the
user can't do anything.
If you think that this will protect against improperly-written
daemons, and things that never exec anything, you are wrong.
The place to fix bad code is in the code.
> You can do it using /bin/sys_control <pid> <enable or not system call>
> <eax of system call> <secret number>
This is a joke, right?
> for process that never call for example sys_execve(), setuid()
> ( you must need specify each eax for each system call) and use
> some functions in sys_control.h like lock_execve(n)
> and unlock_execve(n), where n is a secret number defined in sysctl.
> With this functions you will use system calls only when you need.
> All shellcodes that use system calls like sys_execve() sys_setuid()
> will not work with this feature.
What will they do? I try to execute `ls`, the kernel says I can't
fork and exec `/bin/ls`. So, do I get killed, logged out? The
shells handle errors in different ways. There is a big difference
between how bash handles ENOENT (No such file or directory) and
ENOSYS (Function not implimented).
>
> I think it can be an option in linux kernel.
>
> Questions .. suggestions.
>
> Thanks
>
I think this is just another ruse to attempt to get the system
call table exported, something you don't need to do in order
to replace any of its elements. Am I guessing correctly?
> Breno at kalangolinux.org
>
Cheers,
Dick Johnson
Penguin : Linux version 2.6.13 on an i686 machine (5589.55 BogoMips).
Warning : 98.36% of all statistics are fiction.
****************************************************************
The information transmitted in this message is confidential and may be privileged. Any review, retransmission, dissemination, or other use of this information by persons or entities other than the intended recipient is prohibited. If you are not the intended recipient, please notify Analogic Corporation immediately - by replying to this message or by sending an email to [email protected] - and destroy all copies of this information, including any attachments, without reading or disclosing them.
Thank you.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
| |
 |