Re: stack protection
On Sat, Aug 23, 2003 at 11:36:04AM +0200, Milan P. Stanic wrote:
| > Allowing the dhcp server to write to /dev/mem because it's UID 0 and Unix
| > security sucks is a bug.
|
| The problem isn't with UID 0, but with bugs in software.
No. The problem is an insecure design that forces the DHCP server to
have root privileges. A finer-grained security would give the DHCP
server /just/ enough rights to send and receive the network packets it
wants and only fiddle with the files that it actually needs
(/var/lib/dhcp/....).
| I think that the problem cannot be solved in the wrong place. It isn't
| possible to have a secure DHCP server by fixing the kernel, but by writing
| a secure (OK, with fewer bugs) DHCP server.
A kernel with the ability to lock down processes even further would mean
that a buggy DHCP server couldn't be exploited to e.g. scribble all over
/dev/mem. This is what systems like grsecurity or SE Linux are trying
to do. Which is not to say that less-buggy software is a bad goal; but
the reality is that programmers are human, and /do/ make mistakes.
Cameron.
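
An added example, not part of the original message: one way to check whether a running daemon holds more than "just enough rights", using Linux capabilities as the fine-grained mechanism (the thread itself names grsecurity and SE Linux). The needed-capability set and both /proc status samples are assumptions constructed for illustration.

```python
# Added example: audit a daemon's effective Linux capabilities.
# Bit numbers 0-31 as defined in <linux/capability.h>.
CAP_NAMES = ("chown dac_override dac_read_search fowner fsetid kill setgid "
             "setuid setpcap linux_immutable net_bind_service net_broadcast "
             "net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio "
             "sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice "
             "sys_resource sys_time sys_tty_config mknod lease audit_write "
             "audit_control setfcap").split()

# Assumption: a DHCP daemon needs only a privileged port and raw sockets.
DHCP_NEEDS = {"net_bind_service", "net_raw"}

# Constructed samples of /proc/<pid>/status (not captured from a real host).
ROOT_STATUS = "Name:\tdhcpd\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"
CONFINED_STATUS = ("Name:\tdhcpd\nUid:\t101\t101\t101\t101\n"
                   "CapEff:\t0000000000002400\n")


def effective_caps(status_text):
    """Decode the CapEff hex mask of a status file into capability names."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            mask = int(line.split()[1], 16)
            break
    else:
        raise ValueError("no CapEff line found")
    caps, bit = set(), 0
    while mask:
        if mask & 1:
            # Bits above 31 exist on newer kernels; report them by number.
            caps.add(CAP_NAMES[bit] if bit < len(CAP_NAMES) else f"cap_{bit}")
        mask >>= 1
        bit += 1
    return caps


def excess_caps(status_text, needed=DHCP_NEEDS):
    """Capabilities the process holds beyond what it needs."""
    return sorted(effective_caps(status_text) - set(needed))


def audit(status_text):
    excess = excess_caps(status_text)
    # The kernel requires CAP_SYS_RAWIO to open /dev/mem.
    return {"excess": excess, "holds_sys_rawio": "sys_rawio" in excess}


if __name__ == "__main__":
    for label, status in (("root", ROOT_STATUS), ("confined", CONFINED_STATUS)):
        print(label, audit(status))
```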