1 |
¿What can't you understand that you CAN translate one exploit in C in perl? |
2 |
|
3 |
Are you joking? any user can write in their home directories their own |
4 |
perl exploits. You can't restrict that. You can only restrict them |
5 |
under rbac which scripts can be interpreted even for root, removing |
6 |
execution to perl binary doesn't solve anything, because root can |
7 |
still using it. |
8 |
|
9 |
I think that you don't understand the term rbac, rbac removes root. |
10 |
ROOT doesn't exists anymore. |
11 |
Before talking what rbac does or not first read a bit what is it |
12 |
because you don't understand it. Here you has info: |
13 |
|
14 |
csrc.nist.gov/rbac/ferraiolo-kuhn-92.pdf |
15 |
|
16 |
Comparing DAC with RBAC is simply stupid. |
17 |
|
18 |
Daemons chrooted can still uploading untrusted code and get it |
19 |
executed with posibility of privilege scalation even on root jail. |
20 |
|
21 |
Telling me that you dont find sense of rbac in servers you told me |
22 |
everything, this gives fine grained access controls, less privileges |
23 |
approach without getting one full privilege approach for one part of |
24 |
daemon (those permited to SUID to inner user in the daemon and to bind |
25 |
to port < 1024 so before dropping) |
26 |
With rbac a bug in the privilege code of a daemon doesn't grant access |
27 |
to for example /etc/shadow it's confined, this does not happen |
28 |
necessary under servers even under chroot. |
29 |
|
30 |
The openbsd kernel maybe more secure but read it is as horrible as to |
31 |
read one economist reference book. I have never seen so many if UID |
32 |
!=0 in so many different places in so many different functions as in |
33 |
its kernel, maybe it's one of the lonely systems that read the source |
34 |
code in assembler is easier even than read it in source C code. |
35 |
Granularity is a word that openbsd developers seems to have forgotten |
36 |
in their vocabulary and the word "comment the code" too. |
37 |
|
38 |
Have you read it? or you have this idea about the goodeness about |
39 |
their code because you read it in some web page? |
40 |
|
41 |
Systrace is so dead that his hair is kilometers of long, when did they |
42 |
do the last modification of their source code? in the 18th century?, |
43 |
you confuse even too rbac with systrace, systrace is not an rbac it |
44 |
just controls only which syscalls can a binary make, no granularity at |
45 |
all. |
46 |
|
47 |
Please repite with me: C exploits could be translated into perl. Any |
48 |
user can write their own exploit in their home directory and with only |
49 |
this sillyness execute it: scriptkiddie@hell:~$/bin/perl |
50 |
./mysuidpreferedexploit. |
51 |
|
52 |
No need to execute privileges just only read one, users can know |
53 |
howto write perl code. Users can use functions in perl or in python, |
54 |
so users can do everything they want without getting execute priv and |
55 |
only with a write permission to some directory (/tmp and |
56 |
/home/hisdir). This can only be controlled with an RBAC approach |
57 |
nothing more. |
58 |
|
59 |
And not is not a bug perl, is using perl to write exploits they are |
60 |
different questions. |
61 |
|
62 |
2011/12/12 Kevin Chadwick <ma1l1ists@××××××××.uk>: |
63 |
> On Mon, 12 Dec 2011 18:38:28 +0100 |
64 |
> Javier Juan Martínez Cabezón wrote: |
65 |
> |
66 |
>> Now please tell me how under this circunstances could root to make nothing. |
67 |
> |
68 |
> What are you asking? |
69 |
> |
70 |
> The heart of the OS is the kernel. The OpenBSD kernel is more secure |
71 |
> and always will be full stop because that is their main aim. Think about |
72 |
> the exploits in the Linux kernel for all those years whilst they were |
73 |
> present someone could have been exploiting them and still untill the |
74 |
> next one is added and/or found, one of them can likely bypass RBAC. |
75 |
> Restrictions upon root on OpenBSD have been shown to be bypassable |
76 |
> locally on Pentium >2s via cpu management mode by a root user, it's |
77 |
> still difficult. Therefore I try to use certain hardware and will still |
78 |
> use chflags sappnd etc.. |
79 |
> |
80 |
> Your example about execution can be controlled via file permissions, if |
81 |
> someone allows arbitrary running as root, RBAC or not that is dumb. |
82 |
> Your daemons should be chrooted as normal users so for servers rbac |
83 |
> means very little to me but I would use it if I ran Linux servers and |
84 |
> am planning to use it on my Linux desktops and OpenBSD would likely code |
85 |
> it if they had many more developers and got lots of the other stuff they |
86 |
> want done and couldn't find any more bugs. They certainly wouldn't |
87 |
> refuse a working and well written patch. For desktops or more |
88 |
> exploitable systems rbac gains some weight, so does systrace but all |
89 |
> these tools are good things (don't mention the races in systrace |
90 |
> because I'm not interested and it's still useful) and RAWIO is off by |
91 |
> default on OpenBSD. |
92 |
> |
93 |
> Perl can only execute binaries on the system that are there and some |
94 |
> will on a large install contain local exploits or bugs which can be |
95 |
> reduced and fixed but not those introduced by users which could be far |
96 |
> more easily exploited and you can't even hope to prevent that. If you |
97 |
> can exploit the system through perl then that is a perl bug. If perl |
98 |
> scripts are a problem chmod it 750 and/or systrace it or rbac it. Next |
99 |
> you'll be telling me about physical security and bios batteries, well |
100 |
> physical security can exist and lets stop now as it is all irrelevent |
101 |
> and I'm sure everyone here is bored to death of the OpenBSD vs RBAC or |
102 |
> PAX topic. |
103 |
> |
104 |
> All of this comes down to more is better and noexec mounts are one of |
105 |
> those blanket tools possibly with effective grsec logging. Exec logging |
106 |
> is usually too much to handle. |
107 |
> |
108 |
> Also many exploits only do one particular thing, so dismissal like this |
109 |
> is simply wrong and part of the problem. In fact I remember Linux being |
110 |
> criticised for execution on downloads, the best answer was noexec should |
111 |
> be used. There is also the possibility of users loading up limewire |
112 |
> etc.. |
113 |
> |