Subject: Re: response to the bugtraq report of buffer overruns in imapd LIST command
From: Peter da Silva (peter GRENDEL.ENG.BAILEYNM.COM)
Date: Mon Apr 17 2000 - 21:09:40 CDT
In article <MailManager.956006273.15421.mrc ikkoku-kan.panda.com>,
Mark Crispin <MRC CAC.WASHINGTON.EDU> wrote:
> If you have a "closed" system (which is the only type of system where this bug
> matters), a much better solution is to insert the following instruction in
> routine pw_login() in env_unix.c:
> if (chroot (home ? home : ANONYMOUSHOME)) chroot ("/tmp");
(1) Shouldn't this be:
if (chroot (home ? home : ANONYMOUSHOME)) log_fatal_error_and_exit;
(2) Being able to execute arbitrary code on a TCP/IP-connected system, even
from a chrooted "jail", may be worthwhile. One can mount attacks on other
systems, possibly in a DMZ, and at any rate get another host to run DDOS
software on.
(3) Defense in depth. If you find a hole, you close it, that way any hole
behind this one can't be exploited.
> Another important measure is to use StackGuard. I am very surprised at the
> implication that RedHat doesn't use StackGuard. Is that really true?
StackGuard is another example of defense-in-depth.
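
The fail-closed handling argued for in point (1), written out as an added example; it is not part of the original message and not code from imapd. The function name `enter_jail` and the uid/gid value 65534 are assumptions made for illustration. Instead of falling back to another directory when `chroot()` fails, every step is checked and any failure ends the session.

```c
#define _DEFAULT_SOURCE 1   /* for chroot() and setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Confine the calling process to `dir` and drop to uid/gid.
 * Returns 0 only if every step succeeded; on any failure returns -1 and the
 * caller must terminate the session. There is no fallback directory. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (dir == NULL || dir[0] != '/') {
        fprintf(stderr, "jail: refusing non-absolute path\n");
        return -1;
    }
    if (chroot(dir) != 0) {
        fprintf(stderr, "jail: chroot(%s): %s\n", dir, strerror(errno));
        return -1;
    }
    if (chdir("/") != 0) {      /* working directory must be inside the new root */
        fprintf(stderr, "jail: chdir(/): %s\n", strerror(errno));
        return -1;
    }
    /* Drop supplementary groups, then gid, then uid: after setuid() the
     * process may no longer be allowed to change its groups. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0) {
        fprintf(stderr, "jail: dropping privileges: %s\n", strerror(errno));
        return -1;
    }
    if (uid != 0 && setuid(0) == 0) {   /* must not be able to regain root */
        fprintf(stderr, "jail: privileges were not dropped\n");
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    /* Constructed usage: jail directory from argv[1]; 65534 is an assumed
     * unprivileged uid/gid, not a value from the original message. */
    if (enter_jail(argc > 1 ? argv[1] : NULL, 65534, 65534) != 0)
        exit(EXIT_FAILURE);     /* fail closed, as in point (1) */
    puts("confined");
    return 0;
}
```

Run without root, `chroot()` fails with EPERM and the program exits non-zero, which is the behaviour point (1) asks for.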