Free Republic
Browse · Search
News/Activism
Topics · Post Article

To: Common Tator
All three operating systems need to invert permissions so if the permissions are all zero there are no permissions granted to do anything at all. And if you have zero permissions you can't set anything to give you permissions.

First, I agree with you (to some degree) on this point: If you set permissions low by default, there's literally nothing that an attack can accomplish other than, perhaps, crash the process (which will then restart presumably without harm). The problem is that many of these communication daemons have to run with root access in order to open the low-numbered ports (i.e., ftp); hence, when a buffer overflow attack occurs, it's pretty bad.

Second, if you think you're safe from attack, I've got news for you. Many attacks come from people with inside knowledge on how your security works. If it's possible for your app to raise its privileges then someone else will eventually find a way to do so. It's just a matter of time. The only way to truly secure a server is to unplug it from the network.
13 posted on 01/15/2002 5:49:03 PM PST by Bush2000


To: Bush2000
The problem with UNIX is raw sockets in UNIX require root privileges.

If all I give a program of root's privileges is Raw Socket privileges it is damned hard for the cracker to do much. Stuff can be done but it is a lot easier if you have all of root's permissions.

What you do is patch the kernel so there is a new privilege type that is user plus raw socket privileges. That lets SMTP servers run with just user privileges (it is the SMTP relay component's DNS resolver that needs the raw sockets). You don't need raw sockets for FTP.

Making a program have root privileges in order to do raw sockets is the same thing Bill Gates can be accused of doing ... that is sort of.

However NT contained an undocumented feature that allowed an ordinary user to run a dll that could create raw sockets. Did you ever wonder how you can run ping on an NT/2000 server with just user privileges? PING needs raw sockets. I figured if PING could do it I could too. And I did.

I reverse engineered the DLL that PING called to create the raw socket so that a program that knew how could create raw sockets with ordinary user privileges.

I wrote the SMTP, POP3 and IMAP4 components that are included with Delphi. I also wrote the DNS Resolver component. My code created raw sockets without administrator (root) privileges on Windows NT, 2000 and XP Server and Advanced Server.

Microsoft later changed their documentation after people started asking how I did it. In my reverse engineering I discovered that Microsoft had taken the BSD UNIX socket code and only modified it so it would compile with the MS C++ compiler. That was a real discovery. It meant I could use UNIX source to understand windows code.

17 posted on 01/15/2002 6:09:09 PM PST by Common Tator
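Linux capabilities are one existing form of the "user plus raw socket" privilege proposed in the post above. The following is an added example, not code from either poster: it decodes the `CapEff` mask found in `/proc/<pid>/status` to separate a daemon that holds all of root's privileges from one that holds only raw-socket or low-port rights. The process names and masks are constructed samples.

```python
# Bit positions from <linux/capability.h>; bits above 21 are reported by number.
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN",
]
# The two privileges the thread is about: raw sockets and ports below 1024.
NETWORK_ONLY = {"CAP_NET_RAW", "CAP_NET_BIND_SERVICE"}

def parse_status(text):
    """Return (process name, effective capability mask) from status-file text."""
    fields = dict(l.split(":", 1) for l in text.strip().splitlines() if ":" in l)
    return fields["Name"].strip(), int(fields["CapEff"].strip(), 16)

def held_caps(mask):
    """Names of the capability bits set in a CapEff mask."""
    return {CAP_NAMES[b] if b < len(CAP_NAMES) else f"cap_{b}"
            for b in range(mask.bit_length()) if mask >> b & 1}

def classify(text):
    """Return (name, verdict, held capabilities) for one status file."""
    name, mask = parse_status(text)
    caps = held_caps(mask)
    if not caps:
        verdict = "unprivileged"
    elif caps <= NETWORK_ONLY:
        verdict = "network-only"      # a compromise gains sockets, not root
    else:
        verdict = "over-privileged"   # a compromise gains everything listed
    return name, verdict, caps

# Constructed samples, not captured from a real host.
SAMPLES = {
    "root daemon": "Name:\tftpd\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n",
    "raw socket only": "Name:\tresolver\nUid:\t1000\t1000\t1000\t1000\n"
                       "CapEff:\t0000000000002000\n",
}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        name, verdict, caps = classify(text)
        print(f"{label:16} {name:9} {verdict:16} {len(caps)} capabilities")
```
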

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson