Date: Thu, 13 Sep 2001 11:37:51 -0400 (EDT)
From: Matt Piechota
To: Kris Kennaway
Cc: alexus
Subject: Re: protecting /sbin and /usr/local/sbin

On Wed, 12 Sep 2001, Kris Kennaway wrote:

> You can do it, but if your system relies on non-root users executing
> these commands, bits will obviously fail. I think you're probably
> overreacting, though.

Plus, you're going to have to clamp down on compiling and such. Someone
could go find the source for whatever command and compile up their own
copy. Of course they could compile their own binary somewhere else and
transfer it over as well. You could make it harder for them, but you're
not going to be able to stop them from running the commands in question.

-- 
Matt Piechota
Finger piechota@emailempire.com for PGP key
AOL IM: cithaeron