Date:      Sun, 14 Jun 1998 23:21:58 +0200
From:      Eivind Eklund <eivind@yes.no>
To:        Niall Smart <njs3@doc.ic.ac.uk>, dima@best.net, Darren Reed <avalon@coombs.anu.edu.au>
Cc:        jayrich@room101.sysc.com, security@FreeBSD.ORG
Subject:   Re: bsd securelevel patch question
Message-ID:  <19980614232158.50384@follo.net>
In-Reply-To: <E0yl9x3-00077K-00@oak71.doc.ic.ac.uk>; from Niall Smart on Sun, Jun 14, 1998 at 11:23:53AM +0100
References:  <E0yl9x3-00077K-00@oak71.doc.ic.ac.uk>

On Sun, Jun 14, 1998 at 11:23:53AM +0100, Niall Smart wrote:
> On Jun 13, 11:03pm, Dima Ruban wrote:
> } Subject: Re: bsd securelevel patch question
> That's arguable, consider this quote from the D&I of 4.4BSD
> 
>    Files marked immutable include those that are frequently the subject
>    of attack by intruders (e.g., login and su).  The append-only flag
>    is typically used for critical system logs.  If an intruder breaks
>    in, he will be unable to cover his tracks.  Although simple in 
>    concept, these two features improve the security of a system
>    dramatically.
> 
> I've already posted the following argument to bugtraq, but I'll repeat
> it again here.
> 
> Why do they advocate protecting login and su if such protection can
> be trivially defeated using the same techniques we demonstrated in
> the attack on inetd?  And why do they claim these features improve the
> security of a system "dramatically" if they can be bypassed so easily?
> 
> What use are securelevels without propagating the immutable flag?

They can assure that a correct system comes up again after a boot,
with logs of at least the point of attack.  This can be a dramatic
improvement.

If you want better protection than that, I think it would be better to
change the entire security model (throw away setuid, for a start).

Eivind.
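As an added illustration, not part of the thread: a small audit that checks whether the files the D&I quote singles out actually carry the flag it describes (schg on login/su, sappnd on logs) and whether kern.securelevel is high enough for those flags to mean anything. It assumes FreeBSD `ls -lo` output and the securelevel value as inputs; the sample lines are constructed.

```python
"""Audit whether the files named in the D&I quote carry the flags it describes:
schg (system immutable) on login/su, sappnd (system append-only) on logs.
Input is FreeBSD `ls -lo` output plus kern.securelevel; samples are constructed."""
import re

# ls -lo columns: mode links owner group flags size month day time-or-year name
LS_LO = re.compile(
    r"^\S+\s+\d+\s+\S+\s+\S+\s+(?P<flags>\S+)\s+\d+\s+\S+\s+\d+\s+\S+\s+(?P<path>.+)$"
)

# Flag each file should carry; at securelevel >= 1 not even root can clear it.
EXPECTED = {
    "/usr/bin/login": "schg",
    "/usr/bin/su": "schg",
    "/var/log/messages": "sappnd",
    "/var/log/auth.log": "sappnd",
}

# Constructed sample output (not from a real host): su lacks schg, auth.log absent.
SAMPLE = """\
-r-sr-xr-x  1 root  wheel  schg    15236 Jun 14  1998 /usr/bin/login
-r-sr-xr-x  1 root  wheel  -        8840 Jun 14  1998 /usr/bin/su
-rw-r--r--  1 root  wheel  sappnd  40211 Jun 14 23:21 /var/log/messages
"""

def parse_ls_lo(text):
    """Map path -> set of flags; ls prints '-' when no flags are set."""
    files = {}
    for line in text.splitlines():
        m = LS_LO.match(line.strip())
        if m:
            flags = m.group("flags")
            files[m.group("path")] = set() if flags == "-" else set(flags.split(","))
    return files

def audit(ls_output, securelevel):
    """Return (path, reason) findings. A flag only protects when the kernel runs
    at securelevel >= 1; below that root can clear it, so report that first."""
    findings = []
    if securelevel < 1:
        findings.append(("kern.securelevel", f"is {securelevel}; root can clear system flags"))
    files = parse_ls_lo(ls_output)
    for path, want in EXPECTED.items():
        flags = files.get(path)
        if flags is None:
            findings.append((path, "not listed"))
        elif want not in flags:
            findings.append((path, f"missing {want} (has {','.join(sorted(flags)) or '-'})"))
    return findings
```

Run `audit(SAMPLE, 1)` to see the two file findings; at securelevel 0 a third finding notes that the flags are clearable.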




