Date:      Mon, 18 Jun 2001 22:59:01 +0300
From:      Peter Pentchev <roam@orbitel.bg>
To:        Crist Clark <crist.clark@globalstar.com>
Cc:        freebsd-bugs@FreeBSD.org
Subject:   Re: misc/28188: Cron is being started to early in /etc/rc (potential security hole)
Message-ID:  <20010618225901.P1713@ringworld.oblivion.bg>
In-Reply-To: <200106181950.f5IJoLL10522@freefall.freebsd.org>; from crist.clark@globalstar.com on Mon, Jun 18, 2001 at 12:50:21PM -0700
References:  <200106181950.f5IJoLL10522@freefall.freebsd.org>

On Mon, Jun 18, 2001 at 12:50:21PM -0700, Crist Clark wrote:
> The following reply was made to PR misc/28188; it has been noted by GNATS.
> 
> From: "Crist Clark" <crist.clark@globalstar.com>
> To: Brad Huntting <huntting@glarp.com>
> Cc: Dima Dorfman <dima@unixfreak.org>,
> 	freebsd-gnats-submit@FreeBSD.ORG, security@FreeBSD.ORG
> Subject: Re: misc/28188: Cron is being started to early in /etc/rc (potential 
>  security hole)
> Date: Mon, 18 Jun 2001 12:49:52 -0700
> 
>  Brad Huntting wrote:
>  > 
>  > > But you are right of course, the most secure way to go is raise
>  > > securelevel as early as possible in the boot sequence (although
>  > > off of the top of my head, I can't think of anything besides cron(8)
>  > > that would run non-"trusted" code).[...]
>  > 
>  > Sendmail (runs programs specified in .forward files), inetd (ftp,
>  > telnet, etc) sshd (user shells), httpd (cgi-bin's)....  Cron's
>  > @reboot is just the easiest one to exploit.
>  
>  Right, those others would be some pretty tough races to win.
>  
>  But anyway, I had a look at the -STABLE rc scripts to see what is
>  what.
[snip analysis of -stable's startup mechanism]
>  
>  [Insert here the usual disclaimer that securelevel(8) is lame and will 
>  someday be replaced by real MAC extensions to the OS so do not sweat
>  the details of securelevel(8) too much.]

Well, MAC won't be MFC'd to 4.x, will it?

G'luck,
Peter

-- 
If I were you, who would be reading this sentence?
