Date:      Tue, 7 Jul 1998 09:19:23 -0400 (EDT)
From:      Robert Watson <robert@cyrus.watson.org>
To:        Niall Smart <rotel@indigo.ie>
Cc:        Andrew McNaughton <andrew@squiz.co.nz>, security@FreeBSD.ORG
Subject:   Re: bsd securelevel patch question
Message-ID:  <Pine.BSF.3.96.980707084611.10343A-100000@fledge.watson.org>
In-Reply-To: <199807052106.WAA04694@indigo.ie>

On Sun, 5 Jul 1998, Niall Smart wrote:

> On Jul 3,  4:26am, Andrew McNaughton wrote:
> } Subject: Re: bsd securelevel patch question
> > >Eh?  If ssh/smtp/inetd bind to the port you won't be able to, no
> > >matter how often you try.
> > 
> > Unless the server is restarted for some reason.  hence the rapid cron job
> > which will eventually succeed if not detected first.
> 
> Well, this should be detected, and is easily detectable.

"detectable" is not acceptable in most real-world environments.  Suppose I
know you will be upgrading ssh at a certain time of day due to your
announcement that incoming ssh service will not be available during that
time period (a common arrangement where customers are involved --
notifying them of downtimes for commonly used services).  I agree that
privilege would have to be allocated on a per-port basis, as my access to
most of my servers is only via the network -- I cannot afford to "detect"
someone replacing a key daemon (nfsd) on a server because they managed to
subvert a CGI script.  The case of Java Servlets is actually a little more
serious -- Servlets run inside the web server's process.  Similarly, a
buffer overflow in Apache should not give me that ability.  Having a bulk
"can bind <1024 on protocol TCP" privilege is too broad, and gains very
little.

  Robert N Watson 

Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
SafePort Network Services             http://www.safeport.com/
robert@fledge.watson.org              http://www.watson.org/~robert/

