Re: hardening BSD (was systrace/stsh policies)

2007-10-17 Thread Theo de Raadt
> Unless I am sorely mistaken, systrace can be broken by any user with > enough privileges to run two processes. Well, then you are sorely mistaken. One of your processes can break the other one. What's the big deal. Where's the privilege escalation? There is none. You overstate the situatio

Re: hardening BSD (was systrace/stsh policies)

2007-10-17 Thread Joachim Schipper
On Mon, Oct 15, 2007 at 09:30:02PM -0500, Aaron wrote: > The types of machines I will be running (...) I run pf [on my > workstation] and only allow pass out w/return traffic allowed, no > services at all) will be single or dual purpose servers.. i.e. http, > smtp, imap etc, not machines that are r

Re: hardening BSD (was systrace/stsh policies)

2007-10-15 Thread Aaron
Aaron wrote: Joachim Schipper wrote: On Thu, Oct 11, 2007 at 08:54:42PM +0200, Xavier Mertens wrote: Hi *, I'm busy with a systrace/stsh implementation but there is a lack of standard policies (IMHO). Any idea where I can find some ready-to-use policies? I must be missing some important o

Re: hardening BSD (was systrace/stsh policies)

2007-10-15 Thread Joachim Schipper
On Sun, Oct 14, 2007 at 03:27:20PM -0500, Aaron wrote: > I hope i'm not out of line changing the thread but this seemed like a good > place to ask this question. Not at all, and changing the thread title when changing the thread subject is a welcome relief from the usual misc@ practice. >I'm

Re: hardening BSD (was systrace/stsh policies)

2007-10-15 Thread Janne Johansson
Eduardo Tongson wrote: Robert Watson's paper discusses concurrency vulnerabilities. Impacts include policy bypass and audit trail invalidation. A bypass means it is useless. That pretty much hammered in the last nail on the coffin for security tools based on system call interposition. I actuall

Re: hardening BSD (was systrace/stsh policies)

2007-10-15 Thread Ted Unangst
On 10/14/07, Steve Shockley <[EMAIL PROTECTED]> wrote: > The white paper for the systrace vulnerability was a little bit beyond > me; what's the impact of the issue? Is a system running systrace *more* > vulnerable than a normal system, or is the problem just that a > determined user can circumven

Re: hardening BSD (was systrace/stsh policies)

2007-10-15 Thread Nick Guenther
On 10/15/07, Eduardo Tongson <[EMAIL PROTECTED]> wrote: > > Robert Watson's paper discusses concurrency vulnerabilities. Impacts > include policy bypass and audit trail invalidation. A bypass means it > is useless. That pretty much hammered in the last nail on the coffin > for security tools based o

Re: hardening BSD (was systrace/stsh policies)

2007-10-14 Thread Eduardo Tongson
Robert Watson's paper discusses concurrency vulnerabilities. Impacts include policy bypass and audit trail invalidation. A bypass means it is useless. That pretty much hammered in the last nail on the coffin for security tools based on system call interposition. On 10/15/07, Steve Shockley <[EMAIL

Re: hardening BSD (was systrace/stsh policies)

2007-10-14 Thread Francesco Toscan
2007/10/14, Aaron <[EMAIL PROTECTED]>: > I guess with all the hoopla about 'hardening'/trusted this and > that/fuzzy knobs(i.e. SE Linux) i got a little overzealous looking for As others have already pointed out these knobs might not be useful to your setup and your needs. Think also that more

Re: hardening BSD (was systrace/stsh policies)

2007-10-14 Thread Steve Shockley
Joachim Schipper wrote: You should probably do a Google search on systrace before continuing further down this road. In particular, I believe the issue highlighted by Robert Watson has not been fixed yet (although I could be wrong, and would be happy to be wrong in this case). The white paper f

Re: hardening BSD (was systrace/stsh policies)

2007-10-14 Thread Darren Spruell
On 10/14/07, Aaron <[EMAIL PROTECTED]> wrote: [snip] > I guess with all the hoopla about 'hardening'/trusted this and > that/fuzzy knobs(i.e. SE Linux) i got a little overzealous looking for > ways to tweak things (which i know can end up either making things less > secure (especially with fa

hardening BSD (was systrace/stsh policies)

2007-10-14 Thread Aaron
Joachim Schipper wrote: On Thu, Oct 11, 2007 at 08:54:42PM +0200, Xavier Mertens wrote: Hi *, I'm busy with a systrace/stsh implementation but there is a lack of standard policies (IMHO). Any idea where I can find some ready-to-use policies? I must be missing some important ones, when the u