Re: Another local exploit

From: Mike Tibor <tibor@tibor.org>
Date: Mon Jul 17 2006 - 07:57:11 AKDT

On Sat, 15 Jul 2006, Oliver Savage wrote:

> Following this thread
> http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047907.html
> a suggestion was made to; "Mount /proc as nosuid."
>
> I haven't really mucked with SUID settings before, although the hour
> worth of reading I have done because of this seems worthwhile. Someone
> else on the list may have better instructions, and may better know the
> side effects of setting /proc to nosuid. You are warned that this
> advice comes from an SUID amatuer, please someone tell me if this is
> not a good idea, or if I am doing it wrong.

Mount options seem to be an area of system configuration that seems to be
almost ignored, and it really surprises me. Many parts of the system can
be split off into their own filesystems and mounted noexec, nodev and/or
nosuid. The most obvious one is to make /tmp its own fs and mount it with
these options, and symlink things like /var/tmp to it (note that for "make
installworld" in FreeBSD you need to unmount /tmp because it wants to put
stuff there that it needs to execute). Even /home can be mounted
nodev,nosuid without problems normally. This certainly isn't anything
new, but oddly enough it really screws with the average script kiddie.

Mike
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Mon Jul 17 07:57:24 2006

This archive was generated by hypermail 2.1.8 : Mon Jul 17 2006 - 07:57:25 AKDT