Subject: Fwd: eth-security : ANNOUNCE : Resources no for ALL
From: Crist J. Clark (cjclark reflexnet.net)
Date: Wed Oct 04 2000 - 10:47:29 CDT

In the recent flame storms on -security, it may have slipped by when I
was deleting threads and certain authors (who will remain nameless)
without looking at the contents, but I have not seen any mention of
this.

This was posted to BugTraq yesterday. It is a series of patches to
restrict certain information from non-priv'ed users. If they actually
work well (I have not tried them), is there a reason they could not be
added and enabled with a make.conf setting or kernel option or both?

The patches came with no licensing information, so I don't know what
the author is up to. Heck, he may have already provided them to some
committers for a look, I dunno.

Like I said, I did not see anything about this on here and thought
this list would be interested. (BTW, at least when I tried yesterday,
the ftp site given did not have the code, but the http URL worked.)

-------- Original Message --------
Subject: eth-security : ANNOUNCE : Resources no for ALL
Date: Mon, 2 Oct 2000 14:48:57 +0200
From: yeti <y3t1 ETH-SECURITY.NET>
Reply-To: yeti <y3t1 ETH-SECURITY.NET>
To: BUGTRAQ SECURITYFOCUS.COM

--== Resources Not for All ==--
version 1.0
by y3t1 eth-security.net

-- ===== --
Overview
-- ===== --
RnA is a collection of security improvements for
- FreeBSD 4.0-RELEASE

Restricted kernel process table and proc filesystem
*---------------------------------------------------*
This patch gives non-root users limited access to the process table; only root
sees all processes and has access to their entries in the proc filesystem.
Permissions on directories in the proc filesystem are changed
to 550 (dr-xr-x---). Non-root users can only see their own processes.

Some examples:

From root console:

    pc1:~# ps ax
      PID  TT  STAT      TIME COMMAND
        0  ??  DLs    0:00.01 (swapper)
        1  ??  ILs    0:00.17 /sbin/init --
        2  ??  DL     0:03.64 (pagedaemon)
        3  ??  DL     0:00.00 (vmdaemon)
        4  ??  DL     0:00.01 (bufdaemon)
        5  ??  DL     0:00.54 (syncer)
       25  ??  Is     0:00.00 adjkerntz -i
    [...]

From user:

    pc1:~$ ps ax
      PID  TT  STAT      TIME COMMAND
      154  v3  Ss     0:00.17 -bash (bash)
      406  v3  R+     0:00.00 ps ax

Restricted who/w/last
*---------------------------------------------------*
Restricted who/w/last gives limited access to utmp/wtmp entries.
Users can see only their own logins to the system (no group like w_all, w_grp),
but if a user is added to group w_grp, they can see their own and group logins.
Group w_all is for trusted users that have full read access to utmp/wtmp.

For example:

From root console:

    pc1:~# who
    root   ttyv0   Sep 27 21:32
    root   ttyv1   Sep 27 20:20
    y3t1   ttyp1   Sep 27 22:06   (100.0.0.2)
    blah   ttyp2   Sep 27 20:30   (195.17.21.113)
    lump   ttyp5   Sep 20 13.56   (63.30.55.243)

From non-root console:

    pc1:~$ who
    y3t1   ttyp1   Sep 27 22:06   (100.0.0.2)

From non-root console if user is added to group w_all:

    pc1:~$ who
    root   ttyv0   Sep 27 21:32
    root   ttyv1   Sep 27 20:20
    y3t1   ttyp1   Sep 27 22:06   (100.0.0.2)
    blah   ttyp2   Sep 27 20:30   (195.17.21.113)
    plum   ttyp5   Sep 20 13.56   (63.30.55.243)

From non-root console if user is added to group w_grp:

    pc1:~$ who
    y3t1   ttyp1   Sep 27 22:06   (100.0.0.2)
    blah   ttyp2   Sep 27 20:30   (195.17.21.113)
    plum   ttyp5   Sep 20 13.56   (63.30.55.243)

Commands w/last are restricted in a similar way.

How to Install
*---------------------------------------------------*
De-tar the rna archive

    tar xvzf rna.tar.gz

and run

    cd RnA/
    ./RnA
    cd /sys/compile/your_kernel_name/
    make config
    make
    make install
    cd /usr/src/usr.bin/who
    make
    make install
    cd /usr/src/usr.bin/w
    make
    make install
    cd /usr/src/usr.bin/last
    make
    make install

Check the permissions on who/w/last (need sgid uwtmp group) and reboot your system.

How to get
*---------------------------------------------------*
You can get the new version of rna from:

    ftp://ftp.eth-security.net/pub/rna.tar.gz
    http://www.eth-security.net/files/rna.tar.gz
    http://rast.lodz.pdi.net/~y3t1/rna.tar.gz

Greets
*---------------------------------------------------*
vx mtl.pl - inspired me to write these patches
z33d eth-security.net - b00m b00m b00m ... give money
Admins from Institute of Physics (Wroclaw) - for testing patches and good dinners
all on #sigsegv ircnet: z33d, funkySh, Kris, detergent, crashkill, cliph, xfer
and other cool guys: rastlin, tmoggie, Shadow, Trolinka, lcamtuf, kodzak, venglin, spaceman

----- End forwarded message -----
-- Crist J. Clark cjclarkalum.mit.edu
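
The who/w/last visibility rule described in the forwarded announcement, written out as an added example (not part of the original message and not the RnA patch code). The in-memory login table and group lists are constructed, and "group login" is assumed to mean logins of other w_grp members, as the sample output suggests.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for utmp records and group membership; a real
 * tool would read the utmp file and the system group database. */
struct login { const char *user, *line, *host; };
static const struct login UTMP[] = {
    {"root", "ttyv0", ""}, {"root", "ttyv1", ""},
    {"y3t1", "ttyp1", "100.0.0.2"}, {"blah", "ttyp2", "195.17.21.113"},
    {"plum", "ttyp5", "63.30.55.243"},
};
#define NLOGINS (sizeof UTMP / sizeof UTMP[0])

/* members is a NULL-terminated list (hypothetical replacement for getgrnam). */
static int in_group(const char *user, const char *const *members) {
    for (; members && *members; members++)
        if (strcmp(user, *members) == 0) return 1;
    return 0;
}

/* Policy from the announcement: root and w_all see everything; a w_grp
 * member sees own logins plus (assumed) those of other w_grp members;
 * everyone else sees only own logins. Anything not allowed is hidden. */
static int may_see(const char *viewer, int viewer_uid, const struct login *l,
                   const char *const *w_all, const char *const *w_grp) {
    if (viewer_uid == 0 || in_group(viewer, w_all)) return 1;
    if (strcmp(viewer, l->user) == 0) return 1;
    return in_group(viewer, w_grp) && in_group(l->user, w_grp);
}

/* Print the filtered listing; return the number of visible entries. */
static int who_filtered(const char *viewer, int uid,
                        const char *const *w_all, const char *const *w_grp) {
    int shown = 0;
    for (size_t i = 0; i < NLOGINS; i++) {
        if (!may_see(viewer, uid, &UTMP[i], w_all, w_grp)) continue;
        printf("%-8s %-6s %s\n", UTMP[i].user, UTMP[i].line, UTMP[i].host);
        shown++;
    }
    return shown;
}

int main(void) {
    const char *const grp[] = {"y3t1", "blah", "plum", NULL};
    const char *const none[] = {NULL};
    printf("visible to y3t1 (w_grp): %d\n",
           who_filtered("y3t1", 1001, none, grp));
    return 0;
}
```
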