Re: libsafe and Debian installation
On Wed, Apr 24, 2002 at 04:30:53PM +0200, Jeroen Dekkers wrote:
> On Tue, Apr 23, 2002 at 05:20:13PM -0500, Colin Watson wrote:
> > On Tue, Apr 23, 2002 at 05:33:00PM +0200, Jeroen Dekkers wrote:
> > > If you don't give any permissions to some code running, it can't be a
> > > security problem if there are bugs.
> >
> > Not true. If I crack your FTP server and subvert it into serving content
> > it wasn't intended to serve, then that's a security breach. Whether I
> > managed to gain root privileges too is a separate issue.
>
> If you don't give write access to the content, it can't modify
> that. Of course you could let it serve other content in theory, but in
> practice it's a lot more difficult (and maybe impossible, but I'm not
> sure about that, as I don't know all the small details and how clever
> things you can do). If possible the impact would be smaller, because
> it's impossible to modify the files.
Once you have access to the uid under which the server is running you
can do whatever you like to it, including modifying all the content
passing through it by wrapping all its read() or write() calls. Even if
you can't restart the process, playing around with it with the aid of
ptrace() is merely fiddly.
Moving from remote to local is not perhaps as obviously dangerous as
moving from ordinary user to root user, but it should never be discarded
as a threat.
--
Colin Watson [cjwatson@flatline.org.uk]
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: