Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1996_4

Bugtraq archives for 4th quarter (Oct-Dec) 1996: Re: Security Problems in XMCD 2.1

Re: Security Problems in XMCD 2.1

Alan Cox (alanlxorguk.ukuu.org.uk)
Wed, 27 Nov 1996 20:10:35 +0000

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: itudps: "Re: BOOTP/DHCP security"
Previous message: itudps: "Re: BOOTP/DHCP security"
In reply to: Jim Dennis: "Re: Security Problems in XMCD 2.1"
Next in thread: repaynejeeves.net: "Re: Security Problems in XMCD 2.1"

>         However, what attracted me to this package
>         was the optional MD5 check on your binary after
>         the ACL is verified and before the su/execution.

Better I think to alter your OS binary loader so that it looks for an
extra ELF 'MD5 signed' tag and checks it against a kernel specific key
you load. Any binary not matching it thats run uid < somevalue just
doesnt run setuid. I'd be tempted to extend that to doesnt run so you
had only a small subset of root runnable as root binaries.

Alan

Next message: itudps: "Re: BOOTP/DHCP security"
Previous message: itudps: "Re: BOOTP/DHCP security"
In reply to: Jim Dennis: "Re: Security Problems in XMCD 2.1"
Next in thread: repaynejeeves.net: "Re: Security Problems in XMCD 2.1"