Date: Sun, 20 Jun 1999 01:03:16 -0700 (PDT) From: Cliff Skolnick <cliff@steam.com> To: "Brian W. Buchanan" <brian@CSUA.Berkeley.EDU> Cc: Darren Reed <avalon@coombs.anu.edu.au>, freebsd-security@FreeBSD.ORG Subject: Re: proposed secure-level 4 patch Message-ID: <Pine.BSF.4.10.9906200059110.6218-100000@lazlo.internal.steam.com> In-Reply-To: <Pine.BSF.4.05.9906192235070.70357-100000@smarter.than.nu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 19 Jun 1999, Brian W. Buchanan wrote: > In the proposed case, people who are paranoid about having a root > compromise lead to someone binding a modified version of sshd or other > login daemon to steal passwords can bring the system to securelevel 4 > after daemon startup and ensure that the attacker cannot simply kill sshd > and replace it. Well-written daemons should *not* die unless killed, and > if you're running with a positive securelevel, you've already given up the > luxury of live upgrades. To minimize downtime due to dead daemons, just > spawn everything from inetd and make darn sure that inetd won't die unless > root decides it should. And be sure to understand what code they will load, like a shared library or an external excutable as innocent as "ls". Most paranoid people I know don't run inetd anyways, they like their daemons in stand alone mode. Yes, this stuff is nasty. It also has limited use in non-general purpose systems like firewalls. Cliff -- Cliff Skolnick | "They that can give up essential liberty to obtain Steam Tunnel Operations | a little temporary safety deserve neither liberty cliff@steam.com | nor safety." http://www.steam.com/ | -- Benjamin Franklin, 1759 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9906200059110.6218-100000>