Hi!
On Wed, Dec 14, 2011 at 04:27:45PM +0100, Javier Juan Martínez Cabezón wrote:
> I told you, with a secure TPE (so scripts fully controlled) tell me
> how to write one kernel exploit under bash without calling external
> code.
How about
$ perl -e 'exploit code here'
or just
$ perl
exploit code here from stdin
Ctrl-D
?
Does your current RBAC configuration prevent this?

As for me, I tend to agree with you about RBAC, but I think to make RBAC
really useful its rules/roles must be provided by software developers -
just like they now provide README and Makefile, because only software
authors actually know which files, devices and syscalls are used by their
applications and how these requirements change from version to version.

I've tried different RBAC implementations a few times, but got tired of
fixing roles and rules - on a usual hardened workstation after enabling
RBAC (even after auto-learning mode) everything became broken in many
unexpected ways, and it took too much time to realize each time that this
isn't a bug in some software but just an RBAC misconfiguration, and to fix
it. Probably a workstation isn't a good place for RBAC. But on most of my
servers there are a lot of perl scripts, and we often add new scripts, and
writing RBAC rules for all of them looks too complicated. Another server
must have php, ftp, many wordpress sites and other php crap - and I can't
even imagine how this can be secured using RBAC.

BTW, while I agree with you about the useless 'noexec' for /tmp, it's
usually a cheap way to stop a few script kiddies with default exploits, so
there is no harm in using it. And no real harm in not using it.
--
WBR, Alex.
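
The message above notes that an interpreter can take its code from the command line or from stdin, so no script file is ever opened for a file-trust check to inspect. The following is an added example, not part of the original message: a small parser over auditd EXECVE records that flags such invocations for review. The interpreter/flag table and the sample records are constructed assumptions.

```python
import re

# Assumed table: interpreters and the option that runs code taken from argv.
INLINE_FLAGS = {"perl": {"-e", "-E"}, "python": {"-c"},
                "ruby": {"-e"}, "php": {"-r"}}

# aN="quoted" or aN=HEX (auditd hex-encodes args containing spaces or quotes).
ARG_RE = re.compile(r'\ba(\d+)=(?:"([^"]*)"|([0-9A-Fa-f]+))')

def decode_args(record):
    """Rebuild argv from a single EXECVE record (short, unsplit args only)."""
    args = {}
    for m in ARG_RE.finditer(record):
        quoted, hexed = m.group(2), m.group(3)
        if quoted is not None:
            args[int(m.group(1))] = quoted
        else:
            args[int(m.group(1))] = bytes.fromhex(hexed).decode("utf-8", "replace")
    return [args[i] for i in sorted(args)]

def classify(argv):
    """Return 'inline' (code in argv), 'stdin' (no script file), or None."""
    if not argv:
        return None
    name = re.sub(r"[\d.]+$", "", argv[0].rsplit("/", 1)[-1])  # perl5.14 -> perl
    flags = INLINE_FLAGS.get(name)
    if flags is None:
        return None
    rest = argv[1:]
    if any(a in flags for a in rest):      # flag given as its own argument
        return "inline"
    if all(a.startswith("-") for a in rest):  # no script path: code from stdin/tty
        return "stdin"
    return None

def scan(lines):
    """Return (verdict, argv) for every EXECVE record worth reviewing."""
    hits = []
    for line in lines:
        if "type=EXECVE" in line:
            argv = decode_args(line)
            verdict = classify(argv)
            if verdict:
                hits.append((verdict, argv))
    return hits

# Constructed sample records (a2 in the first is hex for: print "hi").
SAMPLE = [
    'type=EXECVE msg=audit(1323876465.101:501): argc=3 a0="perl" a1="-e" a2=7072696E742022686922',
    'type=EXECVE msg=audit(1323876470.202:502): argc=1 a0="perl"',
    'type=EXECVE msg=audit(1323876475.303:503): argc=2 a0="/usr/bin/perl" a1="/srv/scripts/rotate.pl"',
    'type=EXECVE msg=audit(1323876480.404:504): argc=2 a0="ls" a1="-l"',
]
```

On a server with many legitimate perl scripts, as described in the message, only the first two sample records are reported; running a script by path is not.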