From: Javier Juan Martínez Cabezón
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] New Server, considering hardened, need pointers to tfm...
Date: Mon, 12 Dec 2011 22:04:30 +0100

> You know you can. No perl binary, or chmod 750 or rbac as I had said.
> All exploits are bugs and it should be harder to escalate privileges
> through perl than by introducing your own C.

Clear, making use intensive under OpenBSD as you said. With 750, even
with 700, root can still use it, as by extension can any software run
by him. Is it harder to program in Python than in C? In Python you can
write exploits too; no, it isn't harder. Any programmer can do it.

> You are simplifying everything, security is a process. Noexec is a
> useful tool. How much of what I said did you read. I understand your
> points and most security has nothing to do with root. I understand root
> can execute files chmodded 000 and I agree that RBAC is useful, the
> point is so is noexec and systrace.

Noexec is not useful at all. I give you the reason: it does not control
script interpretation; it is a false sense of security. It is something
like getting a non-executable stack without PaX mprotect: it does
nothing alone.

My system has no root; root has all capabilities set to 0, so it has
the same privileges as a normal user: it can't ptrace other processes,
can't read files that are not its own, can't load modules, etc. Every
capability is removed. Check rsbac.org. With RBAC even root can't
access a program he has started. Read about RBAC, and when you have
understood what it offers, then tell me what it can or what it does not
offer. Systrace is dead, the project is dead. It has not existed for a
long time.

>
> No it doesn't it restricts root. An exploit may bypass RBAC it may
> bypass mount restrictions it may bypass both it may only bypass one, in
> which case they are both again useful.
>
> And OpenBSD's systrace can restrict a lot. System calls are the
> hearts heart of an OS.

I have told you that RBAC can make it impossible to launch untrusted
code (even exploits), executed and interpreted, as in perl
myperlscript. In one of my first mails I pointed out to you ways in
which root can do harm and how RBAC can avoid them. Root is not
important, because root is only important in DAC, not in RBAC. Read the
link I sent you before, because you still have not understood this
point.

Yes, a system dead long ago, and no, it only does this: after this bind
you can only get a listen. It gives no flexibility, no granularity at
all.