[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Please Unsubscribe me

-----Original Message-----
From: Sharad Joshi [mailto:sharad.joshi@xxxxxxxxx]
Sent: Monday, July 31, 2000 1:02 PM
To: omicron@xxxxxxx
Cc: linux-india-programmers@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [LIP] daemons

+ 	i am doing a script that acts like a daemon and kills of a user
+ who tries buffer overflow exploits. unfortunately, it is too dumb. it
+ kills all the setuid processes a user executes. So, my question is how do
+ i make a program differentiate between a normal setuid program ( chfn,
+ passwd ) and a buffer overflow exploit ( pam.sh , sendmail exploit ) ?

That should be a fabulous script, boss. Could you please shed some more 
light on how would the script know if a genuine buffer exploit is 
happening? Trying to figure out somehow if someone is running something
'setuid' eh..?

I think you can do this:

- Club all setuid progs in a common directory.
- Dont mark this directory in '$PATH' so that the user has to explicitely
  name whole path for invoking a prog.
- when a user tries to launch some other thing, not in this list (match
  the command line, you kill that. You can check gid, egid, too.

This is just a trivial thing, not much secure.


LIP is all for free speech.  But it was created for a purpose - to help
people discuss technical programming related issues about Linux.  If
your messages are counterproductive to this purpose, your privileges to
submit messages can and will be revoked.