Date:      Tue, 3 Apr 2001 15:40:09 -0700
From:      "Jeremiah Gowdy" <data@irev.net>
To:        "Matthew Emmerton" <matt@gsicomp.on.ca>, "Kherry Zamore" <dknj@dknj.org>, <freebsd-stable@FreeBSD.ORG>
Cc:        <freebsd-security@FreeBSD.ORG>
Subject:   Re: su change?
Message-ID:  <004201c0bc8f$09c514f0$035778d8@sherline.net>
References:  <005401c0bc63$7cb36650$0202a8c0@majorzoot> <001f01c0bc68$681a2b20$1200a8c0@gsicomp.on.ca> <002d01c0bc6d$2d558390$035778d8@sherline.net> <009001c0bc8e$a1eb6370$1200a8c0@gsicomp.on.ca>

----- Original Message -----
From: "Matthew Emmerton" <matt@gsicomp.on.ca>
To: "Jeremiah Gowdy" <data@irev.net>; "Kherry Zamore" <dknj@dknj.org>;
<freebsd-stable@FreeBSD.ORG>
Cc: <freebsd-security@FreeBSD.ORG>
Sent: Tuesday, April 03, 2001 3:37 PM
Subject: Re: su change?


> > > > if (!chshell(pwd->pw_shell) && ruid)
> > > >     errx(1, "permission denied (shell).");
> > > >
> > > > The only thing we need to prepend to this is a check to see if we are
> > > > trying to su to root, which we should allow regardless of the shell
> > > > specified:
> > >
> > > I disagree.  The root account is an account that needs to have the
> > > highest number of security checks present.
> >
> > Then make a point as to why root, when not having a valid shell, not being
> > able to log in is a useful security check in any way shape or form.  So
> > people can change root's shell to something invalid when they want to lock
> > the root account ?  That's nonsensical.
>
> Last time I checked, only root had write access to /etc/master.passwd and
> /etc/shells, so only someone who hacked root could change root's shell to
> something invalid.  (Note that I'm not handling the case of where an
> administrator does something stupid.)
>
> gabby# ls -al /etc/shells /etc/master.passwd
> -rw-r--r-  1 root  wheel  223 Jul 28  2000 /etc/shells
> -rw------  1 root  wheel 1423 mar 18 14:10 /etc/master.passwd
> gabby#
>
> If someone happens to change root's shell, then the security of the machine
> has been breached in some way.  The immediate consequence is that root can't
> log in.  If you (the administrator) notice that you can't log in as root
> anymore, then it's a really big clue that something major is wrong, and
> would necessitate taking the machine out of multi-user mode ASAP to perform
> the investigation and fix things up.

If someone roots your box, they're not going to change your shell to
something invalid.  If they have root, why change the shell at all?  When
you root a box, do you say "Damnit, why is this guy using csh!  I want
bash!"?  It still doesn't make sense.
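
Added example, not part of the original message or of FreeBSD's su source: a small C model of the shell check quoted at the top of the thread, next to the root exemption proposed there. The names chshell_in, su_allowed_quoted and su_allowed_proposed, the sample shells list, and reading "su to root" as target uid 0 are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed sample in /etc/shells format (not from the thread). */
static const char SAMPLE_SHELLS[] =
    "# List of acceptable shells\n/bin/sh\n/bin/csh\n\n/usr/local/bin/bash\n";

/* Stand-in for su's chshell(): is sh listed in the shells text?
 * Hypothetical helper; a buffer is used so the example runs offline. */
static bool chshell_in(const char *shells, const char *sh)
{
    size_t want = strlen(sh);
    for (const char *p = shells; *p != '\0'; ) {
        size_t len = strcspn(p, "\n");
        /* Only absolute paths count, so comments and blank lines never match. */
        if (len == want && p[0] == '/' && memcmp(p, sh, len) == 0)
            return true;
        p += len;
        if (*p == '\n')
            p++;
    }
    return false;
}

/* The quoted check: refuse when the shell is unlisted and ruid is not 0.
 * Only the shell check is modelled; authentication is out of scope. */
static bool su_allowed_quoted(const char *shells, const char *shell, uid_t ruid)
{
    return !(!chshell_in(shells, shell) && ruid != 0);
}

/* Proposed variant, read here as "target uid 0 skips the shell check". */
static bool su_allowed_proposed(const char *shells, const char *shell,
                                uid_t ruid, uid_t target_uid)
{
    return target_uid == 0 || su_allowed_quoted(shells, shell, ruid);
}

int main(void)
{
    const char *bad = "/nonexistent";  /* constructed invalid shell */
    printf("quoted check, ruid 1001:   %s\n",
           su_allowed_quoted(SAMPLE_SHELLS, bad, 1001) ? "allowed" : "denied");
    printf("proposed check, ruid 1001: %s\n",
           su_allowed_proposed(SAMPLE_SHELLS, bad, 1001, 0) ? "allowed" : "denied");
    return 0;
}
```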


