Date: Wed, 4 Oct 2000 17:04:34 -0700 (PDT) From: Dima Dorfman <dima@unixfreak.org> To: Gabriel Ambuehl <gabriel_ambuehl@buz.ch> Cc: Dima Dorfman <dima@unixfreak.org>, Kris Kennaway <kris@FreeBSD.org>, Alfred Perlstein <bright@wintelcom.net>, Mike Silbersack <silby@silby.com>, security@FreeBSD.ORG Subject: Re: Re[2]: BSD chpass (fwd) Message-ID: <20001005000434.1035B1F0A@static.unixfreak.org> In-Reply-To: <12917380571.20001004204942@buz.ch> from Gabriel Ambuehl at "Oct 4, 2000 08:49:42 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> Hello Dima, > > Wednesday, October 04, 2000, 12:08:59 PM, you wrote: > > of the script kid population). A really clever attacker would modify > > your securelevel settings in rc.conf, reboot the machine making it > > look like a panic or power surge > > What about setting schg for it as well? You'd just need to find a > way Then they'd go change /etc/rc. You could set most of your root filesystem, including /etc, schg, which may help, but then you'd be making your machine almost unmanagable without console access. For example, how would you fix this chpass bug if you couldn't access the console and had no way to lower the securelevel, even with a reboot? -- Dima Dorfman <dima@unixfreak.org> Finger dima@unixfreak.org for my public PGP key. "If you understand everything, you must be misinformed." -- Japanese Proverb To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001005000434.1035B1F0A>