From: Steve Kudlak <chromexa@ovis.net>
Date: Thu, 10 Oct 2002 12:14:28 -0400
To: "Roman V. Mashak", "'hackers@freebsd.org'", "Nelson, Trent ."
Subject: C-2(Security) blues and the like

It has been a long time since I dealt with those arcane security matters. At least they are obscure and arcane to most people. Many consider me to be babbling when I go on about these things. If I start saying "rainbow books" (the NSA's security books are in different colors) many people assume that I am crazy. :)

Most of the stuff I did involved C-2 security and all the logging and authentication stuff. An assumption seems to have been made that "logging in" via ftp was the same as logging in via tty or machine. This is not so. The ftp code "establishes a user"; the login code gets the user a shell and all that. For a while in some OSes with C-2 security, if one was going to mount a dictionary attack on some user or even root, ftp would have been a way to go. It would allow one a large amount of attacks with logging. One would definitely get more than 3 attempts to "login". It was a way around C-2 security and was in my opinion a pretty serious compromise. Logging ftp "logins" and ftp use were proposed fixes. I just had to find the problems, not fix them.

Hmmm... maybe I will post this to BSD hackers and if someone says it is off topic I will shut up. Perhaps I should, as this info is kind of old. But it is important to watch for these little back door tricks. Note I have not as of late read the FreeBSD ftp code. Perhaps I should.

Have Fun,
Sends Steve
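As an added illustration (not code from the post, nor from FreeBSD or any C-2 implementation), a small Python model of the gap Steve describes: a lockout counter that only sees tty logins never counts failures that arrive through ftp, while a single per-account counter fed by every service does. The service names, sample events and the three-failure limit are constructed.

```python
"""Per-account failed-authentication counting across services.

Constructed model: a lockout policy that counts only the 'login'
(tty) service never sees guesses made through ftp, so the
"more than 3 attempts" limit is bypassed. Counting every service's
failures against the account closes that gap.
"""
from collections import defaultdict

MAX_FAILURES = 3  # constructed limit, matching the post's "3 attempts"

# Constructed sample events: (service, account, outcome)
EVENTS = [
    ("login", "root", "fail"),
    ("login", "root", "fail"),
    ("ftp", "root", "fail"),
    ("ftp", "root", "fail"),
    ("ftp", "root", "fail"),
    ("ftp", "root", "fail"),
    ("ftp", "alice", "fail"),
    ("login", "alice", "ok"),
]


def locked_accounts(events, counted_services, limit=MAX_FAILURES):
    """Return {account: failures} for accounts that reached the limit.

    Only failures from services in counted_services are tallied, so a
    policy that counts {"login"} alone never sees the ftp guesses.
    """
    failures = defaultdict(int)
    for service, account, outcome in events:
        if service in counted_services and outcome == "fail":
            failures[account] += 1
    return {acct: n for acct, n in failures.items() if n >= limit}


def unlogged_failures(events, logged_services):
    """Count failed attempts a per-service logging policy never records."""
    return sum(1 for svc, _, out in events
               if out == "fail" and svc not in logged_services)
```

With the tty-only policy, root is never locked despite six failed guesses; the unified policy locks the account and nothing goes unrecorded.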