Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 15 Jun 1998 11:14:37 -0400 (EDT)
From:      woods@zeus.leitch.com (Greg A. Woods)
To:        freebsd-security@FreeBSD.ORG
Subject:   Re: bsd securelevel patch question
Message-ID:  <199806151514.LAA04480@brain.zeus.leitch.com>
In-Reply-To: Niall Smart's message of "Sun, June 14, 1998 22:19:29 %2B0100" regarding "Re: bsd securelevel patch question" id <E0ylKBV-0001IS-00@oak71.doc.ic.ac.uk>
References:  <E0ylKBV-0001IS-00@oak71.doc.ic.ac.uk>
next in thread | previous in thread | raw e-mail | index | archive | help 
[ On Sun, June 14, 1998 at 22:19:29 (+0100), Niall Smart wrote: ]
> Subject: Re: bsd securelevel patch question
>
> This is not correct, the fix does not require the prevention of killing
> immutable processes.  Its effectiveness relies on the ability to detect
> when a system daemon has died, and one other requirement noted below.
> There are a number of ways to achieve the first:
> 
>  - Kernel modifications which log whenever a process which has no
>    controlling terminal dies.  This is straightforward to achieve and
>    covers all the important cases.  It is even useful for non-security
>    related reasons.  Of course you can extend this patch to log whenever
>    any particular pid dies.  This is the recommended approach.

I presume you really mean "when a process which has no controlling
terminal dies *abnormally*".  Lots and lots of processes in the general
category of "have no controlling terminal" will die "normally" during
the lifetime of a system, and I don't think they need to be logged
specially....

>  - Never reuse PID's generated while the system was in secure level 0.
>    Again, this is relatively easy to achieve, and prevents the replacement
>    of daemons with trojans that have an identical pid, and the monitoring
>    can be performed in userland.  There is still the question of who
>    monitors the death of the monitoring process.  This is why the first
>    idea is superior.

I don't think this is an either/or proposition -- they are not
conflicting.  I.e. "and", not "or" is the correct conjunction!

-- 
							Greg A. Woods

+1 416 443-1734      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199806151514.LAA04480>