| 1 |
¿What can't you understand that you CAN translate one exploit in C in perl? |
| 2 |
|
| 3 |
Are you joking? any user can write in their home directories their own |
| 4 |
perl exploits. You can't restrict that. You can only restrict them |
| 5 |
under rbac which scripts can be interpreted even for root, removing |
| 6 |
execution to perl binary doesn't solve anything, because root can |
| 7 |
still using it. |
| 8 |
|
| 9 |
I think that you don't understand the term rbac, rbac removes root. |
| 10 |
ROOT doesn't exists anymore. |
| 11 |
Before talking what rbac does or not first read a bit what is it |
| 12 |
because you don't understand it. Here you has info: |
| 13 |
|
| 14 |
csrc.nist.gov/rbac/ferraiolo-kuhn-92.pdf |
| 15 |
|
| 16 |
Comparing DAC with RBAC is simply stupid. |
| 17 |
|
| 18 |
Daemons chrooted can still uploading untrusted code and get it |
| 19 |
executed with posibility of privilege scalation even on root jail. |
| 20 |
|
| 21 |
Telling me that you dont find sense of rbac in servers you told me |
| 22 |
everything, this gives fine grained access controls, less privileges |
| 23 |
approach without getting one full privilege approach for one part of |
| 24 |
daemon (those permited to SUID to inner user in the daemon and to bind |
| 25 |
to port < 1024 so before dropping) |
| 26 |
With rbac a bug in the privilege code of a daemon doesn't grant access |
| 27 |
to for example /etc/shadow it's confined, this does not happen |
| 28 |
necessary under servers even under chroot. |
| 29 |
|
| 30 |
The openbsd kernel maybe more secure but read it is as horrible as to |
| 31 |
read one economist reference book. I have never seen so many if UID |
| 32 |
!=0 in so many different places in so many different functions as in |
| 33 |
its kernel, maybe it's one of the lonely systems that read the source |
| 34 |
code in assembler is easier even than read it in source C code. |
| 35 |
Granularity is a word that openbsd developers seems to have forgotten |
| 36 |
in their vocabulary and the word "comment the code" too. |
| 37 |
|
| 38 |
Have you read it? or you have this idea about the goodeness about |
| 39 |
their code because you read it in some web page? |
| 40 |
|
| 41 |
Systrace is so dead that his hair is kilometers of long, when did they |
| 42 |
do the last modification of their source code? in the 18th century?, |
| 43 |
you confuse even too rbac with systrace, systrace is not an rbac it |
| 44 |
just controls only which syscalls can a binary make, no granularity at |
| 45 |
all. |
| 46 |
|
| 47 |
Please repite with me: C exploits could be translated into perl. Any |
| 48 |
user can write their own exploit in their home directory and with only |
| 49 |
this sillyness execute it: scriptkiddie@hell:~$/bin/perl |
| 50 |
./mysuidpreferedexploit. |
| 51 |
|
| 52 |
No need to execute privileges just only read one, users can know |
| 53 |
howto write perl code. Users can use functions in perl or in python, |
| 54 |
so users can do everything they want without getting execute priv and |
| 55 |
only with a write permission to some directory (/tmp and |
| 56 |
/home/hisdir). This can only be controlled with an RBAC approach |
| 57 |
nothing more. |
| 58 |
|
| 59 |
And not is not a bug perl, is using perl to write exploits they are |
| 60 |
different questions. |
| 61 |
|
| 62 |
2011/12/12 Kevin Chadwick <ma1l1ists@××××××××.uk>: |
| 63 |
> On Mon, 12 Dec 2011 18:38:28 +0100 |
| 64 |
> Javier Juan Martínez Cabezón wrote: |
| 65 |
> |
| 66 |
>> Now please tell me how under this circunstances could root to make nothing. |
| 67 |
> |
| 68 |
> What are you asking? |
| 69 |
> |
| 70 |
> The heart of the OS is the kernel. The OpenBSD kernel is more secure |
| 71 |
> and always will be full stop because that is their main aim. Think about |
| 72 |
> the exploits in the Linux kernel for all those years whilst they were |
| 73 |
> present someone could have been exploiting them and still untill the |
| 74 |
> next one is added and/or found, one of them can likely bypass RBAC. |
| 75 |
> Restrictions upon root on OpenBSD have been shown to be bypassable |
| 76 |
> locally on Pentium >2s via cpu management mode by a root user, it's |
| 77 |
> still difficult. Therefore I try to use certain hardware and will still |
| 78 |
> use chflags sappnd etc.. |
| 79 |
> |
| 80 |
> Your example about execution can be controlled via file permissions, if |
| 81 |
> someone allows arbitrary running as root, RBAC or not that is dumb. |
| 82 |
> Your daemons should be chrooted as normal users so for servers rbac |
| 83 |
> means very little to me but I would use it if I ran Linux servers and |
| 84 |
> am planning to use it on my Linux desktops and OpenBSD would likely code |
| 85 |
> it if they had many more developers and got lots of the other stuff they |
| 86 |
> want done and couldn't find any more bugs. They certainly wouldn't |
| 87 |
> refuse a working and well written patch. For desktops or more |
| 88 |
> exploitable systems rbac gains some weight, so does systrace but all |
| 89 |
> these tools are good things (don't mention the races in systrace |
| 90 |
> because I'm not interested and it's still useful) and RAWIO is off by |
| 91 |
> default on OpenBSD. |
| 92 |
> |
| 93 |
> Perl can only execute binaries on the system that are there and some |
| 94 |
> will on a large install contain local exploits or bugs which can be |
| 95 |
> reduced and fixed but not those introduced by users which could be far |
| 96 |
> more easily exploited and you can't even hope to prevent that. If you |
| 97 |
> can exploit the system through perl then that is a perl bug. If perl |
| 98 |
> scripts are a problem chmod it 750 and/or systrace it or rbac it. Next |
| 99 |
> you'll be telling me about physical security and bios batteries, well |
| 100 |
> physical security can exist and lets stop now as it is all irrelevent |
| 101 |
> and I'm sure everyone here is bored to death of the OpenBSD vs RBAC or |
| 102 |
> PAX topic. |
| 103 |
> |
| 104 |
> All of this comes down to more is better and noexec mounts are one of |
| 105 |
> those blanket tools possibly with effective grsec logging. Exec logging |
| 106 |
> is usually too much to handle. |
| 107 |
> |
| 108 |
> Also many exploits only do one particular thing, so dismissal like this |
| 109 |
> is simply wrong and part of the problem. In fact I remember Linux being |
| 110 |
> criticised for execution on downloads, the best answer was noexec should |
| 111 |
> be used. There is also the possibility of users loading up limewire |
| 112 |
> etc.. |
| 113 |
> |
Archives