Date:      Wed, 1 Mar 2000 21:02:09 -0500 (EST)
From:      Robert Watson <robert@cyrus.watson.org>
To:        Andrey Novikov <scriber@webclub.ru>
Cc:        freebsd-security@freebsd.org
Subject:   Re: schg flag
Message-ID:  <Pine.NEB.3.96L.1000301205759.53787C-100000@fledge.watson.org>
In-Reply-To: <00022921443000.05868@novikov.web2000.ru>


Hmm.

mocking:/tmp# mkdir bin
mocking:/tmp# cp /bin/* bin/
mocking:/tmp# chflags schg bin/*
mocking:/tmp# mv bin binold
mocking:/tmp# mkdir bin
mocking:/tmp# cp trojan bin/ls

Nope. :-)  Looks like you really need to protect your hierarchy also :-).

mocking:/tmp# cp /bin/* bin
mocking:/tmp# chflags schg bin/* bin
mocking:/tmp# mv bin binold
mv: rename bin to binold/bin: Operation not permitted
mocking:/tmp# 

I.e., other than /, each directory leading to the files that need to be
protected.  Without doing this, the directories may easily be replaced by
rearranging the dir tree, leaving your schg'd binaries safely unmodified,
but with users (boot sequence, etc) using the replacements.

Robert

On Tue, 29 Feb 2000, Andrey Novikov wrote:

> Hello,
> 
> It seems to me that it will be more secure for my
> public server to say at least:
> 
> chflags schg /bin/*
> chflags schg /sbin/*
> chflags schg /usr/bin/*
> chflags schg /usr/sbin/*
> chflags schg /usr/local/bin/*
> chflags schg /usr/local/sbin/*
> 
> to prevent any trojans in my system binaries, am I wrong?
> Would it confuse future makeworlds on that system?
> 
> ------------------------------------------------------------
> Program source is just a special case of a patch
> 
> Andrey Novikov <novikov.web2000.ru> NAG-RIPN
> Web2000 Ltd.
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 


  Robert N M Watson 

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services
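
Added example, not part of the original message: a POSIX sh audit of the point made in the reply above, that each directory leading to an schg file (other than /) must itself be schg. The function names are illustrative, and `stat -f %Sf` assumes FreeBSD's stat(1).

```shell
#!/bin/sh
# Report every protected file, and every directory above it other than /,
# that does not carry the schg flag.

# get_flags PATH -> comma-separated flag names, e.g. "schg" or "-".
# Assumption: FreeBSD stat(1); redefine this function on other systems.
get_flags() {
    stat -f %Sf "$1"
}

# path_chain PATH -> PATH itself, then each parent directory, one per
# line, stopping before "/".
path_chain() {
    p=$1
    while [ -n "$p" ] && [ "$p" != "/" ]; do
        printf '%s\n' "$p"
        case $p in
            */*) p=${p%/*} ;;   # strip the last path component
            *)   break ;;       # relative path with no slash left
        esac
    done
}

# has_schg PATH -> exit status 0 if schg is among the flags on PATH.
has_schg() {
    case ",$(get_flags "$1")," in
        *,schg,*) return 0 ;;
        *)        return 1 ;;
    esac
}

# unprotected PATH... -> each file or ancestor directory lacking schg,
# deduplicated, one per line. Empty output means the whole chain is flagged.
unprotected() {
    for f in "$@"; do
        path_chain "$f"
    done | sort -u | while IFS= read -r p; do
        has_schg "$p" || printf '%s\n' "$p"
    done
}

# When run with arguments, audit them: sh audit.sh /bin/* /sbin/*
[ "$#" -eq 0 ] || unprotected "$@"
```

In the first /tmp transcript above, this would list `/tmp/bin` and `/tmp`; in the second, only `/tmp`.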
