Date: Wed, 4 Oct 2000 17:24:10 -0700 (PDT)
From: Dima Dorfman <dima@unixfreak.org>
To: "Jeffrey J. Mountin" <jeff-ml@mountin.net>
Cc: Dima Dorfman <dima@unixfreak.org>, security@FreeBSD.ORG
Subject: Re: BSD chpass (fwd)
Message-ID: <20001005002410.309DF1F0A@static.unixfreak.org>
In-Reply-To: <4.3.2.20001004173510.00afd880@207.227.119.2> from "Jeffrey J. Mountin" at "Oct 4, 2000 05:39:42 pm"

> At 03:08 AM 10/4/00 -0700, Dima Dorfman wrote:
>
> >IMO, the bottom line is, schg can only prevent an attacker if they
> >don't have a good understanding of the system (which accounts for most
> >of the script kid population). A really clever attacker would modify
> >your securelevel settings in rc.conf, reboot the machine making it
> >look like a panic or power surge (if they know you exclusively access
> >it remotely), fool around, then change it back. Tripwire on a r/o disk
> >would tell you about it, but you can't do that remotely unless you plan
> >on never touching any system binaries. Or am I missing something?
>
> And why wouldn't you protect /etc as well. Then one would rely on physical
> security to change the security settings. A real PITA for remote systems,
> but even that could be worked around with some care to allow changes
> (reboot still required) and protect the system.

You could, but your system would become almost unmanageable. Relying
on going to single user mode to do basic maintenance (say you had
fingerd on in inetd, but now you want to turn it off in light of the
recent hole) isn't such a good idea. In my experience, if doing
something is a big hassle, it generally doesn't get done.

Say someone discovers a small local DoS in some service you're
running. Assuming nobody untrusted has an account, a local DoS isn't
such a big threat. Since you have to physically walk to the machine,
boot it to single user mode (causing minor downtime), and change it,
you'd probably decide to leave it alone. After a while it builds up,
and your machine slowly deteriorates(sp?). And if you ever can't get
to the machine and there's a serious remote hole, you're in trouble.

Another good example of this are the recent threads about supporting
older releases. Everybody agrees it should be done, but nobody wants
to do it. I'm pretty sure that if it was simply a matter of running
`cvs commit` in two different branches (e.g. the same code would work
in all branches) it wouldn't be such a big problem. Since they
probably have to tweak the code to work on another branch, they don't
do it.

Regards

--
Dima Dorfman <dima@unixfreak.org>
Finger dima@unixfreak.org for my public PGP key.

"A problem well stated is a problem half solved."
    -- Charles F. Kettering

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message