[14557] in bugtraq


Re: response to the bugtraq report of buffer overruns in imapd

daemon@ATHENA.MIT.EDU (Peter da Silva)
Tue Apr 18 01:00:23 2000

Message-Id:  <200004180209.VAA0000005870@grendel.eng.baileynm.com>
Date:         Mon, 17 Apr 2000 21:09:40 -0500
Reply-To: Peter da Silva <peter@GRENDEL.ENG.BAILEYNM.COM>
From: Peter da Silva <peter@GRENDEL.ENG.BAILEYNM.COM>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <MailManager.956006273.15421.mrc@ikkoku-kan.panda.com>

In article <MailManager.956006273.15421.mrc@ikkoku-kan.panda.com>,
Mark Crispin  <MRC@CAC.WASHINGTON.EDU> wrote:
> If you have a "closed" system (which is the only type of system where this bug
> matters), a much better solution is to insert the following instruction in
> routine pw_login() in env_unix.c:
>   if (chroot (home ? home : ANONYMOUSHOME)) chroot ("/tmp");

(1) Shouldn't this be:

	if (chroot (home ? home : ANONYMOUSHOME)) log_fatal_error_and_exit;

(2) Being able to execute arbitrary code on a TCP/IP-connected system, even
    from a chrooted "jail", may be worthwhile. One can mount attacks on other
    systems, possibly in a DMZ, and at any rate get another host to run DDOS
    software on.

(3) Defense in depth. If you find a hole, you close it, that way any hole
    behind this one can't be exploited.

> Another important measure is to use StackGuard.  I am very surprised at the
> implication that RedHat doesn't use StackGuard.  Is that really true?

StackGuard is another example of defense-in-depth.
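
Point (1) above, as an added example that is not part of the original message or of the imapd source: a jail-entry routine that fails closed when chroot() fails instead of falling back to another directory. The name enter_jail, the jail path and uid/gid 65534 are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes chroot() and setgroups() on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not from c-client): confine the process to `dir`,
 * then drop to uid/gid. Returns 0 on success, -1 with errno set on any
 * failure. It never substitutes a different directory; the caller is
 * expected to log and exit when it returns -1. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (dir == NULL || dir[0] != '/') {     /* require an absolute path */
        errno = EINVAL;
        return -1;
    }
    if (chroot(dir) != 0) return -1;        /* fail closed, no fallback */
    if (chdir("/") != 0) return -1;         /* cwd must be inside the jail */
    if (setgroups(0, NULL) != 0) return -1; /* drop supplementary groups */
    if (setgid(gid) != 0) return -1;        /* group first, while still root */
    if (setuid(uid) != 0) return -1;
    if (uid != 0 && setuid(0) == 0) {       /* root must not be recoverable */
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    /* Constructed default path; pass a real jail directory as argv[1]. */
    const char *dir = argc > 1 ? argv[1] : "/nonexistent-jail-constructed";

    if (enter_jail(dir, 65534, 65534) != 0) {   /* 65534: assumed "nobody" */
        fprintf(stderr, "jail setup failed for %s: %s\n", dir, strerror(errno));
        return EXIT_FAILURE;                    /* refuse to serve unjailed */
    }
    puts("confined");
    return EXIT_SUCCESS;
}
```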
