[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] yet another OpenBSD kernel hole ...
On Wed, 19 Nov 2003, email@example.com wrote:
> Because it's a local exploit, it can only happen if a malicious user has
> access to the system anyway.
> Aside from that, perhaps a new security feature can be introduced into
> OpenBSD to (hopefully) stop these things quickly even if they are not known
> about in advance. One possible way is to introduce a feature like
> /etc/shells called /etc/rootbins which lists the programs that may run as
> root. The scheduler can use an assembler routine that does a quick check
> for programs running with uid=0, and if so, something not in /etc/rootbins
> gets killed and root is notified. That's pretty nasty because it would hurt
> system performance, but it's a last ditch resort maybe - I have NO idea if
> it would be workable.
Sounds stupid. An exploit should just overwrite /etc/rootbins in that