[7356] in bugtraq
Re: EMERGENCY: new remote root exploit in UW imapd
daemon@ATHENA.MIT.EDU (Dave Andersen)
Wed Jul 22 16:43:53 1998
Date: Tue, 21 Jul 1998 14:14:30 -0600
Reply-To: Dave Andersen <angio@AROS.NET>
From: Dave Andersen <angio@AROS.NET>
X-To: dossy@PANOPTIC.COM
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19980721011616.B5084@panoptic.com> from Allanah Myles at "Jul
21, 98 01:16:16 am"
Lo and behold, Allanah Myles once said:
>
> The traditional argument is that "with the way things
> currently are, it may be nearly impossible to redesign
> services to not require privilages." Well, then, if
> you want a secure system, be prepared to build one---from
> scratch, if need be. Perhaps even the existing notion of
> UNIX-based privilages is insufficient for any real
> security - design a better model, and implement it.
Other people have argued this point far better than I'm willing to in
a short mail message, so I'll just point out a pretty good reference.
This is mostly in the arena of research, not available products, so if
you're looking for a quick fix, hit "delete" now. :)
TIS (now "TIS labs at Network Associates" if we want to be formal. :-)
has a great paper entitled "Confining Root Programs with Domain Type
Enforcement". One major premise of the paper is that your root programs
are likely to experience problems and compromises, so the best way to get
around that is by reducing the spread of what those "root" programs can
do. Similar arguments have been made for years on the least priviledge
front, so I'll leave that side of things alone.
http://www.tis.com/research/secure/compsys.html
-Dave
--
angio@aros.net <-- play
danderse@cs.utah.edu <-- work
