Date: Wed, 30 Jul 2003 11:18:22 -0700 (PDT)
From: Mike Hoskins
To: security@freebsd.org
Subject: Re: suid bit files + securing FreeBSD (new program: LockDown)
In-Reply-To: <20030730201400.1708d588.db@traceroute.dk>
Message-ID: <20030730111512.S16789@fubar.adept.org>
References: <20030730015431.4120c648.db@traceroute.dk> <20030730201400.1708d588.db@traceroute.dk>

On Wed, 30 Jul 2003, Socketd wrote:
> Well, LockDown only has two files (the executable and the conf file) and
> I'm gonna write it in C++, so making the C++ write a second program in a
> different language (which I don't master) is maybe a little overkill ;-)

Just as an aside, this sounds more and more like BastilleBSD. ;) If that's the direction you're headed, you may want to play with Bastille on a Linux box (or vmware session) and see if you get any more ideas... Something that essentially automates the aforementioned checklist would be very similar to Bastille already. (But for BSD, which I'm sure many would find useful.)

Good luck,
-mrh

--
From: "Spam Catcher"
To: spam-catcher@adept.org
Do NOT send email to the address listed above or you will be added to a blacklist!