SUIDGuard - a TrustedBSD Kernel Extension that adds mitigations to protect SUID/SGID processes a bit more

igorkrj/SUIDGuard

SUIDGuard - A kernel extension adding mitigations to protect SUID/SGID binaries

Copyright (c) Stefan Esser / SektionEins GmbH, 2015. All rights reserved.
[email protected] - https://www.sektioneins.de/

SUIDGuard is a TrustedBSD kernel driver that implements several mitigations to protect against weaknesses that usually involve SUID/SGID binaries.

  • protects SUID/SGID root binaries from DYLD_ environment variables by overwriting the string DYLD_ with XYLD_
  • protects the O_APPEND flag, typically set when opening e.g. logfiles, from being disabled by a process whose credentials differ from those that were used to open the file
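The following is an added example, not code from SUIDGuard itself: a user-space model of the two policies listed above, written so the behaviour can be exercised outside the kernel. The real extension enforces both rules inside the kernel via TrustedBSD hooks; the function names, the uid-only notion of "credentials" for the O_APPEND rule, and the sample environment strings are all assumptions made for this illustration.

```c
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Hypothetical user-space model of SUIDGuard's two mitigations. The real
 * extension applies these in the kernel; names and signatures here are
 * assumptions made for this example, not the extension's own API. */

/* A target counts as "SUID/SGID root" when it carries the setuid bit and is
 * owned by uid 0, or carries the setgid bit and is owned by gid 0. */
int is_suid_root_target(mode_t mode, uid_t file_uid, gid_t file_gid)
{
    if ((mode & S_ISUID) && file_uid == 0) return 1;
    if ((mode & S_ISGID) && file_gid == 0) return 1;
    return 0;
}

/* Mitigation 1: for a SUID/SGID root target, rewrite every environment
 * entry that begins with "DYLD_" so it begins with "XYLD_" instead. The
 * strings are edited in place (length is unchanged, so nothing is moved,
 * and dyld no longer recognizes the variable). Returns the number of
 * entries rewritten. */
size_t neutralize_dyld_env(char **envp, int target_is_suid_root)
{
    size_t changed = 0;
    if (!target_is_suid_root || envp == NULL) return 0;
    for (char **e = envp; *e != NULL; e++) {
        if (strncmp(*e, "DYLD_", 5) == 0) {
            (*e)[0] = 'X';
            changed++;
        }
    }
    return changed;
}

/* Mitigation 2: a file-status-flag update (fcntl F_SETFL semantics) may
 * not clear O_APPEND when the caller's credentials differ from the
 * credentials that opened the file. Credentials are modelled as a uid
 * only (a simplification). Returns 1 if the update is allowed. */
int append_flag_change_allowed(int current_flags, int requested_flags,
                               uid_t opener_uid, uid_t caller_uid)
{
    int clears_append = (current_flags & O_APPEND) &&
                        !(requested_flags & O_APPEND);
    if (clears_append && opener_uid != caller_uid) return 0;
    return 1;
}

/* Runs mitigation 1 over a constructed sample environment and returns the
 * number of rewritten entries; also checks that the strings end up as
 * expected (returns (size_t)-1 on a mismatch). */
size_t demo_dyld_rewrite(int target_is_suid_root)
{
    char e1[] = "PATH=/usr/bin:/bin";         /* constructed sample */
    char e2[] = "DYLD_LIBRARY_PATH=/tmp/lib";  /* constructed sample */
    char e3[] = "DYLD_PRINT_LIBRARIES=1";      /* constructed sample */
    char e4[] = "HOME=/Users/example";         /* constructed sample */
    char *envp[] = { e1, e2, e3, e4, NULL };

    size_t n = neutralize_dyld_env(envp, target_is_suid_root);

    const char *want2 = target_is_suid_root ? "XYLD_LIBRARY_PATH=/tmp/lib"
                                            : "DYLD_LIBRARY_PATH=/tmp/lib";
    if (strcmp(e2, want2) != 0) return (size_t)-1;
    if (strcmp(e1, "PATH=/usr/bin:/bin") != 0) return (size_t)-1;
    return n;
}

int main(void)
{
    /* constructed: a setuid-root tool versus an ordinary user binary */
    int suid = is_suid_root_target(S_ISUID | 0755, 0, 0);
    int plain = is_suid_root_target(0755, 501, 20);

    printf("DYLD_ entries rewritten for setuid-root target: %zu\n",
           demo_dyld_rewrite(suid));
    printf("DYLD_ entries rewritten for ordinary target:    %zu\n",
           demo_dyld_rewrite(plain));
    printf("uid 501 clearing O_APPEND on a root-opened log: %s\n",
           append_flag_change_allowed(O_WRONLY | O_APPEND, O_WRONLY, 0, 501)
               ? "allowed" : "denied");
    return 0;
}
```

The rewrite keeps the string length identical, which is why a single-byte overwrite is enough and nothing in the environment block has to be relocated; the O_APPEND rule only vetoes the one transition that matters (append set, request clears it, different credentials) and leaves every other flag change alone.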

Tested with OS X Yosemite 10.10.4.

ATTENTION: For ease of installation, an autoloading version of this extension, including a signed installer, is available at:

PKG: https://github.com/sektioneins/SUIDGuard/releases/download/1.0.0d1/SUIDGuardNG-Installer.pkg

DMG: https://github.com/sektioneins/SUIDGuard/releases/download/1.0.0d1/SUIDGuardNG.dmg

(source code for this rewritten extension will follow)

Regards, Stefan Esser

Languages

  • C 100.0%