Date: Wed, 2 Jun 1999 11:27:49 +1000 (EST) From: Bruce Campbell <bc@thehub.com.au> To: Cain <cain@tasam.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Shell Account system Message-ID: <Pine.BSF.3.96.990602111848.22875i-100000@zerlargal.humbug.org.au> In-Reply-To: <Pine.BSF.3.96.990601133911.10829C-100000@cain.tasam.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 1 Jun 1999, Cain wrote: > In addition to tripwire, monitor the existence of all SUID programs, when > new ones appear make sure you know about it. BTW, ircd is usually SUID, so > if a user of yours sets that up it's normal. But then how do you know a > hacker just hasn't named his root shell ircd... so monitor the sizes of > new SUID programs Possibly putting my foot in my mouth here, but *why* would ircd need to be SUID to anyone? It commonly runs at the high ports (6667) and thus does not need root for that. If you want a specific ircd user to run ircd (either by script or by respawning from init), I don't see a need for the ircd binary to be SUID to anyone (executable only be that user yes, SUID no) Or am I missing something here? --==-- Bruce. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.990602111848.22875i-100000>