
Re: Debian Stable server hacked



On Wed, Aug 13, 2003 at 04:02:41PM -0400, Colin Walters wrote:
> Why? Because SELinux doesn't solely associate security with executable
> pathnames.  If someone takes over control of the apache process via a
> buffer overflow or whatever, they don't need /bin/ls to list a
> directory; they can just as easily use the opendir/readdir/stat system
> calls.  Likewise, they don't need /bin/mount to mount filesystems; they
> can just as easily use the mount syscalls.
> 
> So the whole grsecurity ACL system seems very weak in that respect.
 
grsec handles this by allowing you to restrict Linux capabilities for a
process.  For example, there's no reason /usr/sbin/apache should have
access to CAP_SYS_ADMIN (allows mount/umount, amongst other things) or
CAP_SYS_PTRACE (run ptrace) or many others.

Anyway, since grsec uses PaX, it's very unlikely that anyone will "take
control" of apache through a buffer overflow. ;-)
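
The capability restriction described in the message can be checked from outside the process. The following is an added example, not part of the original message and not grsecurity's own configuration or tooling: it reads the standard Linux capability masks in `/proc/<pid>/status` and reports whether CAP_SYS_ADMIN or CAP_SYS_PTRACE is still held. The sample status texts and the function names are constructed for illustration.

```python
import sys

# Capability bit numbers from <linux/capability.h>.
CAP_BITS = {
    "CAP_SETGID": 6,
    "CAP_SETUID": 7,
    "CAP_NET_BIND_SERVICE": 10,
    "CAP_SYS_PTRACE": 19,
    "CAP_SYS_ADMIN": 21,
}

# The two capabilities the message says apache has no reason to hold.
UNNEEDED = ("CAP_SYS_ADMIN", "CAP_SYS_PTRACE")


def parse_cap_sets(status_text):
    """Return {'CapPrm': int, 'CapEff': int, ...} parsed from status text."""
    sets = {}
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key in ("CapInh", "CapPrm", "CapEff", "CapBnd"):
            sets[key] = int(value.strip(), 16)
    return sets


def unneeded_caps(status_text, unneeded=UNNEEDED):
    """List (set_name, capability) pairs for each unneeded capability found.

    CapPrm is checked as well as CapEff: a capability that is only
    permitted can be raised back into the effective set by the process.
    """
    sets = parse_cap_sets(status_text)
    found = []
    for set_name in ("CapEff", "CapPrm"):
        mask = sets.get(set_name, 0)
        for cap in unneeded:
            if mask & (1 << CAP_BITS[cap]):
                found.append((set_name, cap))
    return found


# Constructed samples: a root daemon with every capability, and one cut down
# to CAP_SETGID, CAP_SETUID and CAP_NET_BIND_SERVICE (bits 6, 7, 10 = 0x4c0).
SAMPLE_UNRESTRICTED = "Name:\tapache\nCapInh:\t0000000000000000\nCapPrm:\t000001ffffffffff\nCapEff:\t000001ffffffffff\n"
SAMPLE_RESTRICTED = "Name:\tapache\nCapInh:\t0000000000000000\nCapPrm:\t00000000000004c0\nCapEff:\t00000000000004c0\n"

if __name__ == "__main__":
    pid = sys.argv[1] if len(sys.argv) > 1 else "self"
    with open(f"/proc/{pid}/status") as fh:
        for set_name, cap in unneeded_caps(fh.read()):
            print(f"pid {pid}: {cap} present in {set_name}")
```

Run it with the PID of a running daemon as the only argument; no output means neither capability is in the effective or permitted set.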


