Re: Postgres syscalls

From Shridhar Daithankar
Subject Re: Postgres syscalls
Date
Msg-id 3DF9D33E.16544.384D21B@localhost
In reply to Re: Postgres syscalls  (Stephan Szabo <sszabo@megazone23.bigpanda.com>)
List pgsql-hackers
On 12 Dec 2002 at 16:09, Stephan Szabo wrote:

> 
> On Fri, 13 Dec 2002, [iso-8859-1] Diego T. wrote:
> 
> > Hello I'm an Italian student of computer science at
> > University of Rome "La Sapienza". I've to analyze some
> > daemons which run under root privileges with a tool
> > developed by my department. This tool intercepts
> > critical syscalls, like Execve, and blocks illegal
> > invocation of that primitives (E.g. Execve("/bin/sh"))
> > performed by a daemon which runs under root
> > privileges. This approach blocks buffer overflow
> > attacks before they can complete (or I hope so). Now,

OK..

> > the problem is that postgres doesn't run under root
> > privileges and that the tool intercepts only the
> > syscalls invoked by a process with root privileges. Is
> > possible to force postgres to run under root

> You could probably just hack out the checks in main/main.c
> and recompile, but postgres does call system and such to do
> things (like create databases) so I'm not sure it'd be terribly
> useful for you.

I agree. Not running root is a good idea from security point of view. That way 
any buffer overflow attacks would be half dead as it is.

Secondly, in my understanding, buffer overflow attacks can be stopped very 
effectively if compiler has stack smashing patches. (Or is it kernel as well?)

And do look at strace. I feel you are shooting at same target..

HTH


Bye
Shridhar

--
Grinnell's Law of Labor Laxity:    At all times, for any task, you have not got 
enough done today.
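
An added illustration, not part of the original message and not PostgreSQL or strace code: a small Python parser for `strace -f -e trace=execve` output that separates `sh -c ...` invocations (how `system()` runs a command) from a bare shell exec, which shows why a blanket block on `execve("/bin/sh")` would also hit the legitimate calls Stephan mentions. The trace lines, paths and PIDs are constructed sample data, and the list of shell paths is an assumption.

```python
import re

# Matches an strace execve line, with or without a pid prefix from -f.
EXECVE_RE = re.compile(
    r'^(?:\[pid\s+(?P<pid_a>\d+)\]\s+|(?P<pid_b>\d+)\s+)?'
    r'execve\("(?P<path>[^"]*)",\s*\[(?P<argv>.*?)\],.*\)\s*=\s*(?P<ret>-?\d+)'
)
ARG_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')     # one quoted argv element
SHELLS = {"/bin/sh", "/bin/bash", "/bin/dash"}  # assumed shell paths

def parse_execve(line):
    """Return dict(pid, path, argv, ok) for an execve line, else None."""
    m = EXECVE_RE.match(line.strip())
    if not m:
        return None
    pid = m.group("pid_a") or m.group("pid_b")
    return {"pid": int(pid) if pid else None, "path": m.group("path"),
            "argv": ARG_RE.findall(m.group("argv")), "ok": m.group("ret") == "0"}

def classify(event):
    """'failed', 'system-style' (sh -c CMD), 'bare-shell', or 'other'."""
    if not event["ok"]:
        return "failed"          # execve returned -1, nothing was executed
    if event["path"] in SHELLS:
        argv = event["argv"]
        if len(argv) >= 3 and argv[1] == "-c":
            return "system-style"  # what system() produces: sh -c "<command>"
        return "bare-shell"        # shell with no command: worth an alert
    return "other"

# Constructed sample trace (not captured from a real PostgreSQL run).
SAMPLE = '''\
4101 execve("/usr/local/pgsql/bin/postmaster", ["postmaster", "-D", "/data"], 0x7ffc1 /* 18 vars */) = 0
4188 execve("/bin/sh", ["sh", "-c", "cp -r /data/base/1 /data/base/16384"], 0x7ffc2 /* 18 vars */) = 0
4190 execve("/bin/sh", ["/bin/sh"], NULL) = 0
4191 execve("/bin/csh", ["csh"], 0x7ffc3 /* 18 vars */) = -1 ENOENT (No such file or directory)
4101 write(2, "LOG: ready\\n", 11) = 11
'''

def report(trace=SAMPLE):
    """(pid, path, verdict) for every execve line in the trace."""
    events = filter(None, map(parse_execve, trace.splitlines()))
    return [(e["pid"], e["path"], classify(e)) for e in events]

if __name__ == "__main__":
    for row in report():
        print(row)
```

A `system-style` verdict still deserves a look at the command string; the split only shows that the shell path alone cannot tell the two cases apart.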


