
Re: stack protection



On Sat, Aug 23, 2003 at 11:36:04AM +0200, Milan P. Stanic wrote:

| > Allowing the dhcp server to write to /dev/mem because it's UID 0 and Unix 
| > security sucks is a bug.
| 
| The problem isn't with UID 0, but with bugs in software.

No.  The problem is an insecure design that forces the DHCP server to
have root privileges.  A finer-grained security would give the DHCP
server /just/ enough rights to send and receive the network packets it
wants and only fiddle with the files that it actually needs
(/var/lib/dhcp/....).

| I think that the problem cannot be solved in the wrong place. It isn't
| possible to have a secure DHCP server by fixing the kernel, but by writing
| a secure (OK, with fewer bugs) DHCP server.

A kernel with the ability to lock down processes even further would mean
that a buggy DHCP server couldn't be exploited to e.g. scribble all over
/dev/mem.  This is what systems like grsecurity or SE Linux are trying
to do.  Which is not to say that less-buggy software is a bad goal; but
the reality is that programmers are human, and /do/ make mistakes.

Cameron.
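
The following is an added example, not part of the original message: a small audit that decodes the effective capability mask of a DHCP daemon from `/proc/<pid>/status` text and lists everything it holds beyond what it needs. It uses Linux capabilities rather than the grsecurity or SE Linux policies named above; the allowed set and both sample status texts are constructed assumptions.

```python
# Added example: audit a daemon's effective Linux capabilities.

# Capability bit numbers from <linux/capability.h> (subset; others print as cap_N).
CAP_NAMES = {
    0: "CAP_CHOWN", 1: "CAP_DAC_OVERRIDE", 2: "CAP_DAC_READ_SEARCH",
    6: "CAP_SETGID", 7: "CAP_SETUID", 10: "CAP_NET_BIND_SERVICE",
    12: "CAP_NET_ADMIN", 13: "CAP_NET_RAW", 16: "CAP_SYS_MODULE",
    17: "CAP_SYS_RAWIO", 19: "CAP_SYS_PTRACE", 21: "CAP_SYS_ADMIN",
}

# Assumption: the daemon only needs to bind UDP port 67 and use raw sockets.
DHCPD_ALLOWED = {"CAP_NET_BIND_SERVICE", "CAP_NET_RAW"}

# Constructed samples: a daemon running as full root, and a confined one.
ROOT_DHCPD = "Name:\tdhcpd\nUid:\t0\t0\t0\t0\nCapEff:\t0000003fffffffff\n"
CONFINED_DHCPD = "Name:\tdhcpd\nUid:\t101\t101\t101\t101\nCapEff:\t0000000000002400\n"


def parse_status(text):
    """Return (effective uid, set of effective capability names)."""
    euid = cap_eff = None
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key == "Uid":
            euid = int(value.split()[1])  # fields: real, effective, saved, fs
        elif key == "CapEff":
            cap_eff = int(value.strip(), 16)
    if euid is None or cap_eff is None:
        raise ValueError("status text lacks Uid or CapEff")
    caps = {CAP_NAMES.get(bit, f"cap_{bit}")
            for bit in range(64) if (cap_eff >> bit) & 1}
    return euid, caps


def audit(text, allowed=DHCPD_ALLOWED):
    """Report capabilities held beyond the allowed set."""
    euid, caps = parse_status(text)
    return {
        "euid": euid,
        "excess": sorted(caps - allowed),
        # CAP_SYS_RAWIO is the capability the kernel checks on /dev/mem access.
        "has_rawio": "CAP_SYS_RAWIO" in caps,
    }


if __name__ == "__main__":
    for label, sample in (("root", ROOT_DHCPD), ("confined", CONFINED_DHCPD)):
        print(label, audit(sample))
```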


