Re: Debian Stable server hacked
On Wed, Aug 13, 2003 at 04:02:41PM -0400, Colin Walters wrote:
> Why? Because SELinux doesn't solely associate security with executable
> pathnames. If someone takes over control of the apache process via a
> buffer overflow or whatever, they don't need /bin/ls to list a
> directory; they can just as easily use the opendir/readdir/stat system
> calls. Likewise, they don't need /bin/mount to mount filesystems; they
> can just as easily use the mount syscalls.
> So the whole grsecurity ACL system seems very weak in that respect.
grsec handles this by allowing you to restrict Linux capabilities for a
process. For example, there's no reason /usr/sbin/apache should have
access to CAP_SYS_ADMIN (allows mount/umount, amongst other things) or
CAP_SYS_PTRACE (run ptrace) or many others.
Anyway, since grsec uses PaX, it's very unlikely that anyone will "take
control" of apache through a buffer overflow. ;-)