Great Circle Associates Firewalls
(November 1994)

Subject: Getting Root on Sidewinder (fwd)
From: "Mike O'Connor" <mjo @ dojo . mi . org>
Date: Fri, 11 Nov 1994 23:02:58 -0500 (EST)
To: firewalls @ greatcircle . com (Firewalls Mailing List)
Reply-to: "Mike O'Connor" <mjo @ dojo . mi . org>

:>I haven't heard anything from the Sidewinder folks in a couple days,
:Sorry for the delay; I thought we had gotten back to you right away.

Hmmm...  I don't see anything here, and I haven't had any hiccups. 

:Rather than try to reply in generalities, I think it would be best if
:you told the list what you did and how far it got you.  As we say in
:the description of the system, we don't regard unauthorized root
:access as that big a deal, because on Sidewinder it's really
:"rootlet:" root access limited to a specific domain.  It doesn't let
:you break out of the domain, or take control of the whole system.

I didn't intend for it to be a "big deal" that I was able to assume
root.  The bigger deal was that I did so by taking advantage of the
suid root elm that you have, and that said problem was just discussed
on the bsdi-users mailing list.  There's that suid root rdist, too...
It seems clear that you don't keep track of the list, which strikes me
as a dangerous proposition when your type enforcement hooks into a
platform that a LOT of talented people have source to.  

I didn't get very far because I was not at all sure whether or not the
system was already compromised; information that you indicated would be
available as part of the challenge was not present.  I didn't want to 
waste any more time on the matter until I heard further from you.  You
seemed to focus on the attention-grabbing "root access" aspect and
missed a few of my questions.

:I would humbly suggest this is more a reflection of a difference in
:approach than a question of good vs. bad.  We regard the search for,
:and closing of, "routes to root" as a hopeless proposition because if
:you overlook one the consequences are catastrophic.  What we worked on
:instead was a mechanism which turned "root" into "rootlet" so a single
:mistake didn't compromise the whole system.  We view this as the only
:way to be able to run useful software at your Internet gateway.

Even with "rootlet", as you call it, one can compromise the integrity
of the machine.  Who says I need to compromise the whole system to be 
effective?  Why would I want to run lots of software *on* my Internet
gateway in the first place?  Sure, I want to be able to provide and 
access Internet services, but that doesn't necessitate running lots
of crap on a bastion host, does it?

:A couple of people succeeded in getting "rootlet" access for the demo
:domain; nobody has succeeded in touching the "supervisor" machine.
:There are obviously two ways of looking at this: one is that it was a
:bad thing that they got "rootlet," in that we missed holes that others
:knew about.  The other is that it was a good thing that "rootlet" got
:them nowhere special, in that it showed that Type Enforcement did its
:job.  Individual readers will have to decide for themselves which view
:they wish to take.

It appears that even the program that you said would be there to
prove that the "supervisor" machine exists isn't on that machine.
Is this type enforcement at work, or some filtering router?  :)

:I'd like to add a couple more things about "rootlet" access on
:Sidewinder, if I may.  One is that allowing people to think they have
:traditional "root" access, when in fact they are confined to a domain,
:is central to various deception strategies.  The other is that on the
:Challenge site we give people "wiggle room" by not logging them out
:until the fourth security alarm.  On an operational site the likely
:policy would be to drop the connection on the first alarm signal.  So
:if you are participating in the Challenge and you get the first
:warning message (the one that starts with ">>>>>") you can assume that
:in a real attack you'd be gone at that point.  As a result of the
:"you're not out until your fourth strike" policy, there will be a
:window of opportunity for people who find other ways of getting
:"rootlet."  Use it well :-)

Gee, maybe someone will be able to run tin without being flagged for a
security error, like your documentation said would be the case.  

						...Mike

-- 
 Michael J. O'Connor                 Internet: mjo @ dojo . mi . org (email address)
 InterNIC WHOIS: MJO                 http://www.coast.net/~mjo (WWW home page)

"Thoughts meander like a restless wind inside a letter box..."         -Lennon
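The route to "rootlet" described in the exchange above went through set-id root binaries (elm, rdist) shipped on the gateway. The defensive counterpart is to keep an explicit inventory of the set-id files a bastion host is allowed to carry and alert on anything outside it. The script below is an added illustration of that check, not code from the original post or from the Sidewinder product; the directories scanned and the allowlist file path are assumptions, and it assumes paths without embedded spaces.

```shell
#!/bin/sh
# Added example: audit setuid/setgid files against an allowlist.
# Not part of the original post; directories and allowlist are assumed.

# Print every setuid or setgid regular file under the given directories,
# one per line as "mode owner path", sorted by path so runs can be diffed.
# Stays on the starting filesystem (-xdev) so NFS mounts are not walked.
list_setid() {
    find "$@" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec ls -ld {} \; 2>/dev/null \
        | awk '{print $1, $3, $NF}' | sort -k3
}

# Usage: audit_setid ALLOWLIST DIR...
# ALLOWLIST holds one absolute path per line naming a set-id file that is
# expected on this host. Prints each set-id file not on the list and
# returns 1 if any were found, 0 if the host matches its inventory.
audit_setid() {
    allow="$1"; shift
    # Paths that are set-id on disk but absent from the allowlist.
    extra=$(list_setid "$@" | awk '{print $3}' | grep -vxF -f "$allow" || true)
    if [ -n "$extra" ]; then
        for p in $extra; do
            echo "UNEXPECTED set-id file: $p"
        done
        return 1
    fi
    return 0
}

# Typical invocation on a bastion host (paths are assumptions):
#   audit_setid /etc/setid.allow /bin /sbin /usr/bin /usr/sbin /usr/libexec
```

Run it from cron after each install or patch and treat a non-zero exit as a change that needs a human decision: either the new set-id file is added to the allowlist deliberately, or the bit is removed.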
