Date: Mon, 24 Mar 1997 10:45:13 -0800 From: Darryl Okahata <darrylo@hpnmhjw.sr.hp.com> To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch) Cc: freebsd-bugs@freebsd.org Subject: Re: sendmail can't create PID file because of owner permission of /var/run Message-ID: <199703241845.AA243889113@hpnmhjw.sr.hp.com> In-Reply-To: Your message of "Mon, 24 Mar 1997 08:09:50 %2B0100." <19970324080950.WP16275@uriah.heep.sax.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Joerg Wunsch (joerg_wunsch@uriah.heep.sax.de) wrote:
> Since bin has no password (and no shell) on 99.9 % of the systems, you
> must be root before you can become bin anyway. So what? If the
> intruder is root already, assigning all the system binaries to root
> wouldn't help.
Scenario:
* Intruder breaks into system "A", and manages to become root.
* Intruder attempts to break into system "B", but is initially thwarted
(no .rhosts, no hosts.equiv, no common passwords, etc.).
* However, system A mounts (via NFS) some of system B's directories.
System B disallows root access via NFS (i.e., root uid == -2).
* Intruder becomes "bin" on system A, cd's to an NFS-mounted directory
from system B, and replaces binary executables owned by bin with
trojan horses. Note that the trojans are being placed on system B,
and not system A.
I'm sure you can guess the rest. Keeping files and directories owned by
root can make a system more secure, as long as root access is disallowed
via NFS (and group/other write permission is taken away on files and
directories).
-- Darryl Okahata
Internet: darrylo@sr.hp.com
DISCLAIMER: this message is the author's personal opinion and does not
constitute the support, opinion, or policy of Hewlett-Packard, or of the
little green men that have been following him all day.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199703241845.AA243889113>