In article <[EMAIL PROTECTED]>,
Mark Crispin <[EMAIL PROTECTED]> wrote:

> If you have a "closed" system (which is the only type of system where this bug
> matters), a much better solution is to insert the following instruction in
> routine pw_login() in env_unix.c:
>     if (chroot (home ? home : ANONYMOUSHOME)) chroot ("/tmp");

(1) Shouldn't this be:

    if (chroot (home ? home : ANONYMOUSHOME)) log_fatal_error_and_exit;

(2) Being able to execute arbitrary code on a TCP/IP-connected system, even
from a chrooted "jail", may be worthwhile. One can mount attacks on other
systems, possibly in a DMZ, and at any rate get another host to run DDOS
software on.

(3) Defense in depth. If you find a hole, you close it, that way any hole
behind this one can't be exploited.

> Another important measure is to use StackGuard. I am very surprised at the
> implication that RedHat doesn't use StackGuard. Is that really true?

StackGuard is another example of defense-in-depth.
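
Added example (not part of the original post, and not code from env_unix.c): a fail-closed version of the jail step from point (1), which also sets the working directory inside the new root and drops root afterwards. The names enter_jail and jail_or_die, the uid/gid parameters and the ANONYMOUSHOME value are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* exposes chroot() and setgroups() on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <stdlib.h>
#include <syslog.h>
#include <sys/types.h>
#include <unistd.h>

/* Placeholder value (assumption): the quoted code names ANONYMOUSHOME but
 * the post does not show its definition. */
#ifndef ANONYMOUSHOME
#define ANONYMOUSHOME "/var/empty/anonymous-placeholder"
#endif

/* Confine the process to `home` (or ANONYMOUSHOME when home is NULL), then
 * drop to uid/gid. Returns 0 on success, -1 with errno set on any failure.
 * There is no fallback directory: a failed step means no jail. */
int enter_jail(const char *home, uid_t uid, gid_t gid)
{
    const char *dir = home ? home : ANONYMOUSHOME;

    if (chdir(dir) != 0) return -1;        /* move inside before chroot   */
    if (chroot(".") != 0) return -1;       /* needs root; EPERM otherwise */
    if (chdir("/") != 0) return -1;        /* cwd must not point outside  */

    /* A process that stays root can leave a chroot, so drop privileges:
     * supplementary groups first, then gid, then uid. */
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;

    /* Confirm the drop cannot be undone. */
    if (uid != 0 && setuid(0) == 0) { errno = EPERM; return -1; }
    return 0;
}

/* Caller side of point (1): log and exit instead of serving unjailed. */
void jail_or_die(const char *home, uid_t uid, gid_t gid)
{
    if (enter_jail(home, uid, gid) != 0) {
        syslog(LOG_CRIT, "jail setup failed for %s: %m",
               home ? home : ANONYMOUSHOME);
        _exit(EXIT_FAILURE);
    }
}
```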