From owner-freebsd-security  Sun Jun 20  1: 3:12 1999
Delivered-To: freebsd-security@freebsd.org
Received: from lazlo.internal.steam.com (lazlo.steam.com [199.108.84.37])
	by hub.freebsd.org (Postfix) with ESMTP id 6EEAB14D79
	for <freebsd-security@FreeBSD.ORG>; Sun, 20 Jun 1999 01:03:04 -0700 (PDT)
	(envelope-from cliff@steam.com)
Received: from lazlo.internal.steam.com (cliff@lazlo.internal.steam.com [192.168.32.2])
	by lazlo.internal.steam.com (8.9.3/8.9.3) with ESMTP id BAA97760;
	Sun, 20 Jun 1999 01:03:16 -0700 (PDT)
Date: Sun, 20 Jun 1999 01:03:16 -0700 (PDT)
From: Cliff Skolnick <cliff@steam.com>
X-Sender: cliff@lazlo.internal.steam.com
To: "Brian W. Buchanan" <brian@CSUA.Berkeley.EDU>
Cc: Darren Reed <avalon@coombs.anu.edu.au>,
	freebsd-security@FreeBSD.ORG
Subject: Re: proposed secure-level 4 patch
In-Reply-To: <Pine.BSF.4.05.9906192235070.70357-100000@smarter.than.nu>
Message-ID: <Pine.BSF.4.10.9906200059110.6218-100000@lazlo.internal.steam.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, 19 Jun 1999, Brian W. Buchanan wrote:

> In the proposed case, people who are paranoid about having a root
> compromise lead to someone binding a modified version of sshd or other
> login daemon to steal passwords can bring the system to securelevel 4
> after daemon startup and ensure that the attacker cannot simply kill sshd
> and replace it.  Well-written daemons should *not* die unless killed, and
> if you're running with a positive securelevel, you've already given up the
> luxury of live upgrades.  To minimize downtime due to dead daemons, just
> spawn everything from inetd and make darn sure that inetd won't die unless
> root decides it should.

And be sure to understand what code they will load, like a shared library or
an external excutable as innocent as "ls".  Most paranoid people I know
don't run inetd anyways, they like their daemons in stand alone mode.

Yes, this stuff is nasty.  It also has limited use in non-general purpose
systems like firewalls.

Cliff

--
Cliff Skolnick          | "They that can give up essential liberty to obtain
Steam Tunnel Operations |  a little temporary safety deserve neither liberty
cliff@steam.com         |  nor safety."
http://www.steam.com/   |                   -- Benjamin Franklin, 1759




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message