From owner-freebsd-bugs  Mon Jun 18 13: 0:59 2001
Delivered-To: freebsd-bugs@freebsd.org
Received: from ringworld.nanolink.com (ringworld.nanolink.com [195.24.48.13])
	by hub.freebsd.org (Postfix) with SMTP id CEAEB37B409
	for <freebsd-bugs@FreeBSD.org>; Mon, 18 Jun 2001 13:00:42 -0700 (PDT)
	(envelope-from roam@orbitel.bg)
Received: (qmail 32219 invoked by uid 1000); 18 Jun 2001 19:59:01 -0000
Date: Mon, 18 Jun 2001 22:59:01 +0300
From: Peter Pentchev <roam@orbitel.bg>
To: Crist Clark <crist.clark@globalstar.com>
Cc: freebsd-bugs@FreeBSD.org
Subject: Re: misc/28188: Cron is being started to early in /etc/rc (potential security hole)
Message-ID: <20010618225901.P1713@ringworld.oblivion.bg>
Mail-Followup-To: Crist Clark <crist.clark@globalstar.com>,
	freebsd-bugs@FreeBSD.org
References: <200106181950.f5IJoLL10522@freefall.freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200106181950.f5IJoLL10522@freefall.freebsd.org>; from crist.clark@globalstar.com on Mon, Jun 18, 2001 at 12:50:21PM -0700
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-bugs.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-bugs>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-bugs>
X-Loop: FreeBSD.org

On Mon, Jun 18, 2001 at 12:50:21PM -0700, Crist Clark wrote:
> The following reply was made to PR misc/28188; it has been noted by GNATS.
> 
> From: "Crist Clark" <crist.clark@globalstar.com>
> To: Brad Huntting <huntting@glarp.com>
> Cc: Dima Dorfman <dima@unixfreak.org>,
> 	freebsd-gnats-submit@FreeBSD.ORG, security@FreeBSD.ORG
> Subject: Re: misc/28188: Cron is being started to early in /etc/rc (potential 
>  security hole)
> Date: Mon, 18 Jun 2001 12:49:52 -0700
> 
>  Brad Huntting wrote:
>  > 
>  > > But you are right of course, the most secure way to go is raise
>  > > securelevel as early as possible in the boot sequence (although
>  > > off of the top of my head, I can't think of anything besides cron(8)
>  > > that would run non-"trusted" code).[...]
>  > 
>  > Sendmail (runs programs specified in .forward files), inetd (ftp,
>  > telnet, etc) sshd (user shells), httpd (cgi-bin's)....  Cron's
>  > @reboot is just the easiest one to exploit.
>  
>  Right, those others would be some pretty tough races to win.
>  
>  But anyway, I had a look at the -STABLE rc scripts to see what is
>  what.
[snip analysis of -stable's startup mechanism]
>  
>  [Insert here the ususal disclaimer that securelevel(8) is lame and will 
>  someday be replaced by real MAC extensions to the OS so do not sweat
>  the details of securelevel(8) too much.]

Well, MAC won't be MFC'd to 4.x, will it?

G'luck,
Peter

-- 
If I were you, who would be reading this sentence?

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message