Date: Mon, 17 Feb 1997 00:57:15 +0100
From: stefan.arentz@luna.net (Stefan Arentz)
To: security@freebsd.org
Subject: Re: (fwd) Re: Shell Access
Message-ID: <19970217005715.SA06934@blah.rotterdam.luna.net>
In-Reply-To: <19970216132031.XX10822@dragon.nuxi.com>; from David O'Brien on Feb 16, 1997 13:20:31 -0800
References: <19970216132031.XX10822@dragon.nuxi.com>

And now for something completely different:

Isn't it possible to block root hacks with a wrapper around the kernel's
setuid()/seteuid()/setgid()/setegid() system call implementation that can
deny the call on basis of the user id that is requesting the change of
credentials?

I know this is a partial solution, but even only blocking changes to root
will probably help a lot.

The code could be extended to log requests like this; if you set up syslog
to log to a central machine then you can very easily detect them.

Am I missing something here, or does this sound reasonable?

 - Stefan

David O'Brien writes:
> This is from CalWeb ISP in Sacramento CA. They were running 2.1-STABLE
> on the shell account machines. They are now running 2.2-970207-GAMMA.
>
> This ISP's response to the setlocale vulnerability was to shut off shell
> accounts for several days (and w/o notice to its customers).
>
> -- forwarded message --
> Path: calweb!not-for-mail
> From: rdugaue@calweb.com (Robert Du Gaue)
> Newsgroups: calweb.general
> Subject: Re: Shell Access
> Date: 7 Feb 1997 15:49:30 GMT
> Organization: CalWeb Internet Services, Inc.
> Lines: 19
> Message-ID: <5dfiua$j37$1@news.calweb.com>
> References: <32FADDA2.8FF@calweb.com>
> NNTP-Posting-Host: web1.calweb.com
> X-Newsreader: TIN [UNIX 1.3 950824BETA PL0]
> Xref: calweb calweb.general:634
>
> Steve Phariss (rebo@calweb.com) wrote:
> : Can we have more details on the shell access???
> :
> : Motd 02/07/97:
> :
> : > 02/07/97 Shell logins are disabled until a new security
> : > release is made available. We apologize
> : > for the inconvenience.
> : >
> :
> : Any idea how long till access is going to be restored?
>
> A new security release for the OS is expected within the next
> couple of days (rumor has it 'anytime', maybe today).
>
> --------------------------------------------------------------------------
> Robert Du Gaue - rdugaue@calweb.com http://www.calweb.com
> President, CalWeb Internet Services Inc. (916) 641-9320
> --------------------------------------------------------------------------
> -- end of forwarded message --

--
Stefan Arentz - Technical Director - Luna Internet
stefan.arentz@luna.net / +31 (0)10 4656232
To err is human, to forgive is Not Company Policy.
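
The check proposed in the message above, modelled in user space as an added example (not code from the post or from FreeBSD): a decision function that would sit in front of setuid()/seteuid(), deny switches to uid 0 based on the caller's real uid, and produce the line to forward to a central syslog host. The function name, the allow-list contents and the log format are assumptions; the gid calls would get the same treatment.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define DENY_LOG_MAX 128

/* Constructed policy (hypothetical): real uids that may still become root. */
static const uid_t root_allowed[] = { 0, 1000 };

static int uid_in_list(uid_t uid, const uid_t *list, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (list[i] == uid)
            return 1;
    return 0;
}

/*
 * Model of the wrapper's decision. Returns 0 to let the credential change
 * proceed to the normal handler, -1 to deny it. On denial, logbuf receives
 * the line a real hook would hand to syslog for central collection.
 */
int cred_change_check(const char *call, uid_t ruid, pid_t pid, uid_t target,
                      char *logbuf, size_t loglen)
{
    if (logbuf && loglen)
        logbuf[0] = '\0';
    if (target != 0)            /* only changes to root are policed */
        return 0;
    if (uid_in_list(ruid, root_allowed,
                    sizeof root_allowed / sizeof root_allowed[0]))
        return 0;
    if (logbuf && loglen)
        snprintf(logbuf, loglen, "denied %s(0): pid=%ld ruid=%lu",
                 call, (long)pid, (unsigned long)ruid);
    return -1;
}

int main(void)
{
    char line[DENY_LOG_MAX];
    /* Constructed requests: shell user 1001, then allow-listed admin 1000. */
    int r1 = cred_change_check("setuid", 1001, 4242, 0, line, sizeof line);
    printf("uid 1001 -> root: %s [%s]\n", r1 ? "deny" : "allow", line);
    int r2 = cred_change_check("seteuid", 1000, 4243, 0, line, sizeof line);
    printf("uid 1000 -> root: %s\n", r2 ? "deny" : "allow");
    return 0;
}
```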