[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Re: daemons

To: omicron@xxxxxxx
Subject: Re: daemons
From: "Sharad Joshi" <sharad.joshi@xxxxxxxxx>
Date: Mon, 31 Jul 2000 10:31:59 +0530 (IST)
Cc: linux-india-programmers@xxxxxxxxxxxxxxxxxxxxx
In-reply-to: <Pine.LNX.4.21.0007291547340.3293-100000@xxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: Sharad Joshi <sharad.joshi@xxxxxxxxx>

+ 	i am doing a script that acts like a daemon and kills of a user
+ who tries buffer overflow exploits. unfortunately, it is too dumb. it
+ kills all the setuid processes a user executes. So, my question is how do
+ i make a program differentiate between a normal setuid program ( chfn,
+ passwd ) and a buffer overflow exploit ( pam.sh , sendmail exploit ) ?

That should be a fabulous script, boss. Could you please shed some more 
light on how would the script know if a genuine buffer exploit is 
happening? Trying to figure out somehow if someone is running something
'setuid' eh..?

I think you can do this:

- Club all setuid progs in a common directory.
- Dont mark this directory in '$PATH' so that the user has to explicitely
  name whole path for invoking a prog.
- when a user tries to launch some other thing, not in this list (match
  the command line, you kill that. You can check gid, egid, too.

This is just a trivial thing, not much secure.

HTH,
Sharad.

Follow-Ups:
- Re: daemons
  - From: Dwivedi Ajay kumar

References:
- daemons
  - From: omicron

Prev by Subject: daemons
Next by Subject: Re: daemons
Previous by thread: daemons
Next by thread: Re: daemons
Index(es):
- Subject
- Thread