Date:      Tue, 29 Mar 2005 13:19:06 -0600 (CST)
From:      "H. S." <security@revolutionsp.com>
To:        freebsd-hackers@freebsd.org
Subject:   A few thoughts..
Message-ID:  <61910.81.84.174.37.1112123946.squirrel@mail.revolutionsp.com>

Hey all,

I've been using FreeBSD for a long time, it's my favorite OS and I use it
on all my servers and most workstations. However, due to the nature of
some of the servers, I've always wondered about something, though. It is
related to something deep in the OS. Let me try to explain.


For example, assume a shell server. There are permission restrictions
everywhere, to prevent users from seeing information that should be
available only to the administrator (i.e. dmesg, systat, vmstat, and so on).
One could assume users won't be able to access the information provided by
these utilities. Please consider the following example:

[UNAME@WORKSTATION:/home/UNAME/] sftp USERNAME@192.168.0.254
Connecting to 192.168.0.254...


  -- lan gateway --




USERNAME@192.168.0.254's password:
sftp> put /sbin/dmesg
dmesg                                         100% 5392   122.4KB/s   00:00
sftp> quit
[UNAME@WORKSTATION:/home/UNAME/] ssh USERNAME@192.168.0.254


  -- lan gateway --




USERNAME@192.168.0.254's password:
Last login: Tue Mar 29 19:36:42 2005 from WORKSTATION
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
        The Regents of the University of California.  All rights reserved.
FreeBSD ?.?.?  (UNKNOWN)

Welcome to FreeBSD!

Before seeking technical support, please use the following resources:

o  Security advisories and updated errata information for all releases are
   at http://www.FreeBSD.org/releases/ - always consult the ERRATA section
   for your release first as it's updated frequently.

o  The Handbook and FAQ documents are at http://www.FreeBSD.org/ and,
   along with the mailing lists, can be searched by going to
   http://www.FreeBSD.org/search/.  If the doc distribution has
   been installed, they're also available formatted in /usr/share/doc.

If you still have a question or problem, please take the output of
`uname -a', along with any relevant error messages, and email it
as a question to the questions@FreeBSD.org mailing list.  If you are
unfamiliar with FreeBSD's directory layout, please refer to the hier(7)
manual page.  If you are not familiar with manual pages, type `man man'.

You may also use sysinstall(8) to re-enter the installation and
configuration utility.  Edit /etc/motd to change this login announcement.

"man tuning" gives some tips how to tune performance of your FreeBSD system.
                -- David Scheidt <dscheidt@tumbolia.com>
[USERNAME@SERVER:/home/USERNAME]$ ./dmesg
Copyright (c) 1992-2004 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD 5.3-STABLE #1: Wed Dec 15 20:18:13 WET 2004
    ???@???:/usr/obj/usr/src/sys/???
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Pentium/P55C (199.31-MHz 586-class CPU)
  Origin = "GenuineIntel"  Id = 0x544  Stepping = 4
  Features=0x8001bf<FPU,VME,DE,PSE,TSC,MSR,MCE,CX8,MMX>
real memory  = 83886080 (80 MB)
avail memory = 72318976 (68 MB)



(changed hostnames/logins - 192.168.0.254 is a host on my lan)

My "USERNAME" account doesn't have access to /sbin/dmesg, but I uploaded a
/sbin/dmesg from a 5.2.1-RELEASE to a 5.3-STABLE box, and then I could
have access to this system information. The same goes for systat, vmstat,
and all these commands that (most people think) shouldn't be available for
regular users.

Shouldn't this information be protected at kernel level? Am I missing
something I can do about this? Because this method works with everything
that resembles permissions in order to hide system information that can
be obtained without root privileges.


Another thought: one can use the "logger" utility to write to some logfile
that is accessible via syslogd. Example:

[UNAME@WORKSTATION:/home/UNAME/] logger -t su: evilone to root on/dev/ttyp0
# tail /var/log/messages

Mar 29 20:14:11 WORKSTATION su:: evilone to root on/dev/ttyp0

If you can't trust your logs... This also poses another problem: with a
little patience, one can fill up /var.

Lastly, does anyone know if FreeBSD is getting systrace support? I think of
it as a major drawback in the security field; one can do very interesting
things with systrace. Added to other FreeBSD features (jails, etc.), it
makes a very good security tool.


Any comments appreciated!

Regards.
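The forged su line and the /var-filling concern above both come down to syslogd writing whatever an unprivileged logger(1) call hands it. The following Python is an added example (not from the mail or from FreeBSD) of the two checks a log reviewer can run over a /var/log/messages-style file: the tag supplied with `logger -t su:` survives in the stored line as `su:` (syslogd appends its own `:`), so a tag that cannot be a program name, or an su-shaped body under a tag other than `su`, is flagged; and per-minute counts per (host, tag) expose a source that is flooding the log. All log lines in `SAMPLE_LOG` are constructed for the example, and the assumed genuine su(1) body format is "user to target on /dev/tty".

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Header as written by syslogd(8): "Mon DD HH:MM:SS host <rest>" (day may be space padded).
HEADER_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<rest>.*)$"
)
# What a real process name looks like: letters, digits and a few safe punctuation chars.
PROGNAME_RE = re.compile(r"^[A-Za-z0-9_.\-/]+$")
# Assumed body that su(1) emits for a successful switch: "<user> to <target> on <tty>".
SU_BODY_RE = re.compile(r"^(?P<user>\S+) to (?P<target>\S+) on\s*(?P<tty>/dev/\S+)$")

# Constructed sample: one genuine su line, the forged line from the mail,
# an sshd line with a pid, and a burst from an unprivileged logger user.
SAMPLE_LOG = """\
Mar 29 20:10:02 WORKSTATION su: alice to root on /dev/ttyp0
Mar 29 20:14:11 WORKSTATION su:: evilone to root on/dev/ttyp0
Mar 29 20:14:12 WORKSTATION sshd[512]: Accepted password for alice from 192.168.0.7 port 40210 ssh2
Mar 29 20:15:00 WORKSTATION bob: filler 1
Mar 29 20:15:01 WORKSTATION bob: filler 2
Mar 29 20:15:02 WORKSTATION bob: filler 3
"""


@dataclass
class Record:
    ts: str
    host: str
    tag: str
    pid: Optional[str]
    msg: str


def parse_line(line: str) -> Optional[Record]:
    """Split one syslog line into its fields; return None if it is not one."""
    m = HEADER_RE.match(line.rstrip("\n"))
    if not m:
        return None
    # syslogd writes "<tag>[<pid>]: " before the message, so the first ": "
    # ends the tag; a tag passed as `logger -t su:` therefore survives as "su:".
    tag, sep, msg = m.group("rest").partition(": ")
    if not sep:
        return None
    pid = None
    if tag.endswith("]") and "[" in tag:
        tag, _, pid = tag[:-1].partition("[")
    return Record(m.group("ts"), m.group("host"), tag, pid, msg)


def assess(rec: Record) -> List[str]:
    """Return the reasons this record deserves a look (empty list if none)."""
    findings = []
    if not PROGNAME_RE.match(rec.tag):
        findings.append(f"tag {rec.tag!r} is not a plausible program name")
    # An su-shaped body under a tag that is not exactly "su" is the forgery pattern.
    if SU_BODY_RE.match(rec.msg) and rec.tag != "su":
        findings.append(f"su-style message under tag {rec.tag!r}")
    return findings


def burst_sources(records: List[Record], threshold: int) -> List[Tuple[str, str, str]]:
    """(host, tag, minute) combinations that wrote more than `threshold` lines."""
    counts = Counter((r.host, r.tag, r.ts[:-3]) for r in records)  # drop the ":SS"
    return sorted(key for key, n in counts.items() if n > threshold)


def scan(text: str, burst_threshold: int = 2):
    """Run both checks over a log file's text.

    Returns (suspicious, bursts): suspicious is a list of
    (1-based line number, tag, findings) for lines with findings.
    """
    records = []
    suspicious = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        rec = parse_line(line)
        if rec is None:
            continue
        records.append(rec)
        findings = assess(rec)
        if findings:
            suspicious.append((lineno, rec.tag, findings))
    return suspicious, burst_sources(records, burst_threshold)


if __name__ == "__main__":
    suspicious, bursts = scan(SAMPLE_LOG)
    for lineno, tag, findings in suspicious:
        print(f"line {lineno} ({tag}): " + "; ".join(findings))
    for host, tag, minute in bursts:
        print(f"burst: {host} {tag} at {minute}")
```

The tag checks are only a cheap tripwire: they catch what the stored text exposes, and syslogd does not record the facility or the sender's uid in the line, so the message text alone cannot prove who wrote it. The burst count is the more robust signal for the /var-filling case, since it works whatever tag is used.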


