Date: Wed, 04 Oct 2000 17:39:42 -0500
From: "Jeffrey J. Mountin" <jeff-ml@mountin.net>
To: Dima Dorfman <dima@unixfreak.org>
Cc: security@FreeBSD.ORG
Subject: Re: BSD chpass (fwd)
Message-ID: <4.3.2.20001004173510.00afd880@207.227.119.2>
In-Reply-To: <20001004100859.33A4A1F0A@static.unixfreak.org>
References: <20001004023249.B76230@freefall.freebsd.org>

At 03:08 AM 10/4/00 -0700, Dima Dorfman wrote:
>IMO, the bottom line is, schg can only prevent an attacker if they
>don't have a good understanding of the system (which accounts for most
>of the script kid population). A really clever attacker would modify
>your securelevel settings in rc.conf, reboot the machine making it
>look like a panic or power surge (if they know you exclusively access
>it remotely), fool around, then change it back. Tripwire on a r/o disk
>would tell you about it, but you can't do that remotely unless you plan
>on never touching any system binaries. Or am I missing something?

And why wouldn't you protect /etc as well? Then one would rely on physical security to change the security settings. A real PITA for remote systems, but even that could be worked around with some care to allow changes (reboot still required) and protect the system.

Jeff Mountin - jeff@mountin.net
Systems/Network Administrator
FreeBSD - the power to serve
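
A check for the gap discussed in this message, added here as an example and not part of the original thread: it reads FreeBSD `ls -ldo` long output and reports paths that lack `schg`, and also flags a securelevel below 1, where root can clear `schg` on a running system. The function names and the sample listing are constructed for illustration; paths containing spaces are not handled.

```sh
#!/bin/sh
# Input: FreeBSD `ls -ldo` lines. Field 5 is the comma-separated flag
# list, or "-" when the file has no flags. The last field is the path.

# Constructed sample listing (not captured from a real host).
sample_listing() {
cat <<'EOF'
drwxr-xr-x  20 root  wheel  schg 2048 Oct  4 17:00 /etc
-rw-r--r--   1 root  wheel  -    1312 Oct  4 16:58 /etc/rc.conf
-r--r--r--   1 root  wheel  uchg 9120 Oct  1 09:12 /etc/rc
EOF
}

# Print every path whose flag list has no exact "schg" entry.
# uchg does not count: it is a user flag, not tied to the securelevel.
missing_schg() {
    awk '{
        n = split($5, flags, ",")
        found = 0
        for (i = 1; i <= n; i++) if (flags[i] == "schg") found = 1
        if (!found) print $NF
    }'
}

# audit LEVEL < listing
# LEVEL is the value of `sysctl -n kern.securelevel`.
# Returns 0 only if LEVEL >= 1 and every listed path carries schg.
audit() {
    level=$1
    rc=0
    if [ "$level" -lt 1 ]; then
        echo "securelevel $level: root can clear schg without a reboot"
        rc=1
    fi
    for p in $(missing_schg); do
        echo "no schg: $p"
        rc=1
    done
    return $rc
}

# Demonstration on the constructed listing.
sample_listing | audit 1 || true
```

On a live FreeBSD host the equivalent call would be `ls -ldo /etc /etc/rc.conf | audit "$(sysctl -n kern.securelevel)"`.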