From owner-doc-jp@jp.freebsd.org  Fri Feb 25 00:11:26 2000
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id AAA08990;
	Fri, 25 Feb 2000 00:11:26 +0900 (JST)
	(envelope-from owner-doc-jp@jp.FreeBSD.org)
Received: from research.gate.nec.co.jp (research.gate.nec.co.jp [202.247.6.217])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id AAA08985
	for <doc-jp@jp.freebsd.org>; Fri, 25 Feb 2000 00:11:24 +0900 (JST)
	(envelope-from hino@nwk.cl.nec.co.jp)
Received: from leek.nwk.cl.nec.co.jp (root@leek.nwk.cl.nec.co.jp [10.56.32.7]) by research.gate.nec.co.jp (8.9.3+3.2W/000201) with ESMTP id AAA02897; Fri, 25 Feb 2000 00:11:08 +0900 (JST)
Received: from localhost by leek.nwk.cl.nec.co.jp (8.9.3/NWKM19990405) with ESMTP
	id AAA12465; Fri, 25 Feb 2000 00:11:08 +0900 (JST)
To: doc-jp@jp.freebsd.org, hrs@geocities.co.jp
From: hino@ccm.cl.nec.co.jp
X-In-Reply-To: hrs@geocities.co.jp's message of
	"Wed, 23 Feb 2000 04:16:58 +0900"
In-Reply-To: <200002221920.EAA06816@mail.geocities.co.jp>
References: <200002221920.EAA06816@mail.geocities.co.jp>
X-Mailer: Mew version 1.93 on Emacs 19.34 / Mule 2.3 (SUETSUMUHANA)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Message-Id: <20000225001107V.hino@nwk.cl.nec.co.jp>
Date: Fri, 25 Feb 2000 00:11:07 +0900
X-Dispatcher: imput version 980905(IM100)
Lines: 76
Reply-To: doc-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+990727
X-Sequence: doc-jp 7108
Subject: [doc-jp 7108] Re: ANNOUNCE: FreeBSD Security Advisory: FreeBSD-SA-00:04.delegate
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org
X-Originator: hino@nwk.cl.nec.co.jp

$BF|Ln(B@NEC$B$G$9(B. 
$B$A$HCY$l$^$7$?$,!D(B

>> On Wed, 23 Feb 2000 04:16:58 +0900, Hiroki Sato <hrs@geocities.co.jp> said:
:> $B:4F#!wEl5~M}2JBg3X$G$9!#(B
:>  $BCY$i$P$;$J$,$i(B, SA-00:04.delegate $B$NF|K\8lLu$G$9!#(B

:>  $B!&:G=i!"(Bexploit $B$rLu=P$7$F9M$($F$$$?$N$G$9$,!"(B
:>    passive exploit $B$"$?$j$NJ8$G$D$^$:$$$?$N$G!"(B
:>    $B$"$-$i$a$FA4It$=$N$^$^=P$9$h$&$KJQ$($F$^$9!#(B

$B!V967b!W$G==J,$J$h$&$J(B? $BLuCm$O$"$C$?J}$,NI$$$G$9$M!%(B
$B!t(B $B!V967b!W$r!VMQ8l!W$H$$$&$N$O$A$g$C$HJQ$+$J(B? 

:>  $B!&(Bbuffer overflow $B$,$"$j$^$9$C$FI=8=$bJQ$+$b!#(B
:>    buffer overflow $B$r5/$3$92DG=@-$N$"$k%3!<%I$H$+@bL@$9$Y$-(B?

$B!V(Bbuffer overflow $BLdBj(B{$B$,$"$j$^$9(B,$B$r4^$s$G$$$^$9(B,$B$r$+$+$($F$$$^$9(B}$B!W$J(B
$B$s$F$H$3$m$,L\$K$d$5$7$$$+$J$!!%(B

:>  # $BB>$K$b$*$+$7$J$H$3$m$,$"$l$P;XE&$7$F2<$5$$!#(B

<snip>

:> II.  $BLdBj$N>\:Y(B - Problem Description

:> which could allow an attacker to execute arbitrary code on the delegate
:> server. This code will run as the user ID of the 'delegated' process,

:> $B967b<T$O$3$l$i$N%P%C%U%!%*!<%P%U%m!<$rMxMQ$7(B,
:> delegate $B%5!<%P$K$"$kG$0U$N%3!<%I$r<B9T$9$k$3$H$,$G$-$^$9(B.

$B!D$rMxMQ$7(B,
delegate $B%5!<%P%W%m%;%9Fb$GG$0U$N%3!<%I$r<B9T$5$;$k$3$H$,=PMh$^$9(B.

$B!t(B $BD6Lu$.$_$+(B ^^;


:> FreeBSD makes no claim about the security of these third-party
:> applications, although an effort is underway to provide a security audit of
:> the most security-critical ports.

:> FreeBSD $B$O(B, $B%5!<%I%Q!<%F%#@=$N%"%W%j%1!<%7%g%s$N%;%-%e%j%F%#LdBj$K4X$7$F(B
:> $B$$$+$J$kMW5a$b$7$^$;$s$,(B, $BHs>o$K4m81$J%;%-%e%j%F%#>e$NLdBj$r4^$`(B
           ~~~~
:> Ports $B$rD4::$7(B, $B$=$N7k2L$rJs9p$9$k$H$$$&3hF0$r9T$J$C$F$$$^$9(B.

($BB>$N%"%J%&%s%9$K$bF1$8$H$3$m$,$"$j$^$9$,(B)$B!VMW5a!W$G$O$J$/$F!V<gD%!W$N(B
$BJ}$@$H;W$$$^$9!%(B

FreeBSD $B$G$O(B, $B$3$N$h$&$J%5!<%I%Q!<%F%#@=%"%W%j%1!<%7%g%s$N%;%-%e%j%F%#(B
$BLdBj$KBP$7$FFC$K<gD%$9$k$3$H$O$"$j$^$;$s(B ($BLuCm(B: ports $B$KF~$C$F$$$k$+$i(B
$B$H$$$C$F(B, FreeBSD $B$N3+H/<T$?$A$,$=$N%"%W%j%1!<%7%g%s$,0BA4$G$"$k$HI>2A(B
$B$7$?$o$1$G$O$"$j$^$;$s(B)

$B$?$@$7(B, $B%;%-%e%j%F%#LdBj$KBP$7$FBg$-$J1F6A$r;}$D$h$&$J(B ports $B$KBP$9$k(B
$B%;%-%e%j%F%#4F::$rDs6!$9$Y$/(B, $B8=:_EXNOCf$G$9(B. 

:> V.   $B=$@5=hCV(B - Solution

:> Depending on your local setup and your security threat model, using a
:> firewall/packet filter such as ipfw(8) or ipf(8) to prevent remote users
:> from connecting to the delegate port(s) may be enough to meet your security
:> needs. Note that this will not prevent legitimate proxy users from
:> attacking the delegate server, although this may not be an issue if they
:> have a shell account on the machine anyway.

:> $B%m!<%+%k%7%9%F%`$N@_Dj$H%;%-%e%j%F%#BP:v$N%b%G%k$K$b$h$j$^$9$,(B,
                           ^$B$"$J$?$,MxMQ$7$F$$$k%M%C%H%o!<%/$G$N(B
:> ipfw(8) ipf(8) $B$H$$$C$?(B, $B%j%b!<%H%f!<%6$K$h$k(B delegate $B%]!<%H$X$N(B
:> $B%"%/%;%9$r@)8B$9$k%U%!%$%"%&%)!<%k$d%Q%1%C%H%U%#%k%?$NMxMQ$O(B,
:> $B$*$=$i$/%;%-%e%j%F%#LdBj$N2r7h$K==J,M-8z$@$H;W$o$l$^$9(B.
                                           ~~
$B"*$J>l9g$b$"$k(B

$B0J>e(B
