Re: [gentoo-dev] Making procfs mount as nosuid,noexec by default
Daniel Drake wrote:
> Hi,
>
> The local root exploit-of-the-week would have been unable to run if our
> users' systems had /proc mounted with nosuid and/or noexec.
>
> It would be worthwhile considering making this a default. What are
> people's thoughts?
>
> Additional testing of this change would be appreciated (just ensure that
> nothing breaks).
>
> To do it as a one off:
>
>     # mount -o remount,nosuid,noexec /proc
>
> To make it more permanent, /etc/fstab has:
>
>     proc    /proc    proc    defaults    0 0
>
> Change to:
>
>     proc    /proc    proc    nosuid,noexec    0 0

Is there an open bug or security advisory for this exploit I missed?

I tried the CLI solution; works just fine here. No wild behavior so far. Any suggestions on what to look for, or how to really hammer /proc? :)

--
gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Making procfs mount as nosuid,noexec by default
On Sunday 16 July 2006 10:07, Josh Saddler wrote:
> Daniel Drake wrote:
> > Hi,
> >
> > The local root exploit-of-the-week would have been unable to run if our
> > users' systems had /proc mounted with nosuid and/or noexec.
> >
> > It would be worthwhile considering making this a default. What are
> > people's thoughts?
> >
> > Additional testing of this change would be appreciated (just ensure that
> > nothing breaks).
> >
> > To do it as a one off:
> >
> >     # mount -o remount,nosuid,noexec /proc
> >
> > To make it more permanent, /etc/fstab has:
> >
> >     proc    /proc    proc    defaults    0 0
> >
> > Change to:
> >
> >     proc    /proc    proc    nosuid,noexec    0 0
>
> Is there an open bug or security advisory for this exploit I missed?
>
> I tried the CLI solution; works just fine here. No wild behavior so far.
> Any suggestions on what to look for, or how to really hammer /proc? :)

There is bug #140444.

--
Christian Heim [EMAIL PROTECTED]
Gentoo Linux Developer
Your friendly kernel/vserver/openvz monkey
Re: [gentoo-dev] Making procfs mount as nosuid,noexec by default
Ned Ludd [EMAIL PROTECTED] wrote:
> Not 100% sure about the noexec part as that might break upx which calls
> /proc/self/exe as part of its decompressor routines.

/proc/self/exe is a symlink, and the permissions of symlinks aren't used for anything. It's less than trivial (and I think impossible) to set them to anything but 0777.

In any case, the noexec option only affects regular files. Directories, for example, also keep their execute flags.

--
Batou: Hey, Major... You ever hear of human rights?
Kusanagi: I understand the concept, but I've never seen it in action.
  --Ghost in the Shell
Re: [gentoo-dev] Making procfs mount as nosuid,noexec by default
On Sat, 2006-07-15 at 15:20 -0400, Mike Frysinger wrote:
> On Saturday 15 July 2006 13:41, Ned Ludd wrote:
> > On Sat, 2006-07-15 at 17:45 +0100, Daniel Drake wrote:
> > > The local root exploit-of-the-week would have been unable to run if
> > > our users' systems had /proc mounted with nosuid and/or noexec.
> > >
> > > It would be worthwhile considering making this a default. What are
> > > people's thoughts?
> >
> > I mailed Mike about this very thing a month ago. Pretty sure it should
> > be showing up in an upcoming baselayout. But yeah it's a good idea for
> > the nosuid part anyway. Not 100% sure about the noexec part as that
> > might break upx which calls /proc/self/exe as part of its decompressor
> > routines.
>
> this will be in baselayout-1.12.2+

Great. I'm guessing I should artificially bump 1.12.1 with a revision in my snapshot for 2006.1 or we'll end up not having fixed much.

--
Chris Gianelloni
Release Engineering - Strategic Lead
x86 Architecture Team
Games - Developer
Gentoo Linux
[gentoo-dev] Making procfs mount as nosuid,noexec by default
Hi,

The local root exploit-of-the-week would have been unable to run if our users' systems had /proc mounted with nosuid and/or noexec.

It would be worthwhile considering making this a default. What are people's thoughts?

Additional testing of this change would be appreciated (just ensure that nothing breaks).

To do it as a one off:

    # mount -o remount,nosuid,noexec /proc

To make it more permanent, /etc/fstab has:

    proc    /proc    proc    defaults    0 0

Change to:

    proc    /proc    proc    nosuid,noexec    0 0

Thanks,
Daniel
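An added example, not part of the original thread: a check that reports which of nosuid/noexec are still missing from the /proc entry of an fstab-format or /proc/mounts-format file, useful for confirming the change proposed above took effect. The function name proc_missing_opts and the two sample fstab files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the procfs mount options.

# proc_missing_opts FILE
#   FILE is in fstab or /proc/mounts format (device, mountpoint, type, options).
#   Prints the missing options, comma-separated; prints nothing when both
#   nosuid and noexec are set; prints "absent" when there is no /proc entry.
proc_missing_opts() {
    awk '
        /^[[:space:]]*#/ { next }              # skip fstab comment lines
        $2 == "/proc" && $3 == "proc" {
            found = 1
            has_nosuid = has_noexec = 0        # last matching entry wins
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) {
                if (opts[i] == "nosuid") has_nosuid = 1
                if (opts[i] == "noexec") has_noexec = 1
            }
        }
        END {
            if (!found) { print "absent"; exit }
            out = ""
            if (!has_nosuid) out = "nosuid"
            if (!has_noexec) out = (out == "" ? "noexec" : out ",noexec")
            print out
        }
    ' "$1"
}

# Constructed sample inputs: the default fstab line and the proposed one.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
printf '# <fs> <mountpoint> <type> <opts> <dump/pass>\n' > "$sample_dir/fstab.default"
printf 'proc /proc proc defaults 0 0\n' >> "$sample_dir/fstab.default"
printf 'proc /proc proc nosuid,noexec 0 0\n' > "$sample_dir/fstab.hardened"

echo "default fstab missing:  $(proc_missing_opts "$sample_dir/fstab.default")"
echo "hardened fstab missing: $(proc_missing_opts "$sample_dir/fstab.hardened")"

# The running system, when /proc/mounts is available.
if [ -r /proc/mounts ]; then
    echo "live /proc missing:     $(proc_missing_opts /proc/mounts)"
fi
```

Checking both /etc/fstab and /proc/mounts matters because the one-off remount changes only the live mount, while the fstab edit takes effect at the next mount.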
Re: [gentoo-dev] Making procfs mount as nosuid,noexec by default
On Sat, 2006-07-15 at 13:41 -0400, Ned Ludd wrote:
> On Sat, 2006-07-15 at 17:45 +0100, Daniel Drake wrote:
> > Hi,
> >
> > The local root exploit-of-the-week would have been unable to run if our
> > users' systems had /proc mounted with nosuid and/or noexec.
> >
> > It would be worthwhile considering making this a default. What are
> > people's thoughts?
>
> I mailed Mike about this very thing a month ago. Pretty sure it should be
> showing up in an upcoming baselayout. But yeah it's a good idea for the
> nosuid part anyway. Not 100% sure about the noexec part as that might
> break upx which calls /proc/self/exe as part of its decompressor routines.

Tested it using a and it seems safe across the board. upx, busybox and other multicall binaries seem quite content.

Linus also recently suggested that the same be done in the kernel directly via the proc_fill_super() function. This seems like an ideal route to go for us as it would get inherited by all the existing users who won't notice the change in the default fstab file.

--
Ned Ludd [EMAIL PROTECTED]
Gentoo Linux
Re: [gentoo-dev] Making procfs mount as nosuid,noexec by default
On Saturday 15 July 2006 13:41, Ned Ludd wrote:
> On Sat, 2006-07-15 at 17:45 +0100, Daniel Drake wrote:
> > The local root exploit-of-the-week would have been unable to run if our
> > users' systems had /proc mounted with nosuid and/or noexec.
> >
> > It would be worthwhile considering making this a default. What are
> > people's thoughts?
>
> I mailed Mike about this very thing a month ago. Pretty sure it should be
> showing up in an upcoming baselayout. But yeah it's a good idea for the
> nosuid part anyway. Not 100% sure about the noexec part as that might
> break upx which calls /proc/self/exe as part of its decompressor routines.

this will be in baselayout-1.12.2+

-mike
Re: [gentoo-dev] Making procfs mount as nosuid,noexec by default
Daniel Drake wrote:
> Hi,
>
> The local root exploit-of-the-week would have been unable to run if our
> users' systems had /proc mounted with nosuid and/or noexec.
>
> It would be worthwhile considering making this a default. What are
> people's thoughts?
>
> Additional testing of this change would be appreciated (just ensure that
> nothing breaks).
>
> To do it as a one off:
>
>     # mount -o remount,nosuid,noexec /proc
>
> To make it more permanent, /etc/fstab has:
>
>     proc    /proc    proc    defaults    0 0
>
> Change to:
>
>     proc    /proc    proc    nosuid,noexec    0 0
>
> Thanks,
> Daniel

Daniel,

Turns out that yesterday after we talked about this. I've been running one of my boxes like that for ages. So far so good.

--
Doug Goldstein [EMAIL PROTECTED]
http://dev.gentoo.org/~cardoe/