Vulnerability Development mailing list archives

Re: Kill the DOG and win 100 000 DM


From: Jay Tribick <jay.tribick () CARRIER1 NET>
Date: Fri, 10 Nov 2000 22:33:49 +0000

Hi,

To break it down:

1) When you connected from the internet you logged in as beaner. Your network
connection from the internet was automatically marked at a different level
than TS ALL.  This was probably Confidential User or something like that.

2) Your MAC level (Con User) will stay with your process and all its children
no matter if you become another user or break a setuid program.

Let's say, for example, that there was an application running with an SL
that dominated the attacking user's SL. This application has a remote-exec
hole (i.e. by passing certain commands over the socket, one could cause the
application to system(3) or exec(3) another program) would the SL of the
program that was spawned be the SL of the attacking user, or the SL of
the application from which it was invoked?

(..assuming that the attack was performed by someone locally on the
machine telnetting to a port on the same box)

4) If your process tries to telnet to the local machine its label will be on
the stream and will be used in setting up that network connection.  This will
cause your connection to be at exactly the same level you are at.

Does this assume that the application you're connecting to is label-aware,
or is it enforced regardless of the application?

--
Regards,

Jay Tribick
Senior Systems Engineer
Carrier1
Voice:  +44 207 531 3874

