From owner-freebsd-security Tue Apr 3 15:40:27 2001
Delivered-To: freebsd-security@freebsd.org
Received: from sherline.com (sherline.net [216.120.87.2]) by hub.freebsd.org (Postfix) with SMTP id 08EF337B71A for ; Tue, 3 Apr 2001 15:40:18 -0700 (PDT) (envelope-from data@irev.net)
Received: (qmail 26920 invoked from network); 3 Apr 2001 22:40:16 -0000
Received: from unknown (HELO server2) (216.120.87.3) by 216.120.87.2 with SMTP; 3 Apr 2001 22:40:16 -0000
Message-ID: <004201c0bc8f$09c514f0$035778d8@sherline.net>
From: "Jeremiah Gowdy"
To: "Matthew Emmerton" , "Kherry Zamore" ,
Cc:
References: <005401c0bc63$7cb36650$0202a8c0@majorzoot> <001f01c0bc68$681a2b20$1200a8c0@gsicomp.on.ca> <002d01c0bc6d$2d558390$035778d8@sherline.net> <009001c0bc8e$a1eb6370$1200a8c0@gsicomp.on.ca>
Subject: Re: su change?
Date: Tue, 3 Apr 2001 15:40:09 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

----- Original Message -----
From: "Matthew Emmerton"
To: "Jeremiah Gowdy" ; "Kherry Zamore" ;
Cc:
Sent: Tuesday, April 03, 2001 3:37 PM
Subject: Re: su change?

> > > > if (!chshell(pwd->pw_shell) && ruid)
> > > >         errx(1, "permission denied (shell).");
> > > >
> > > > The only thing we need to prepend to this is a check to see if we are
> > > > trying to su to root, which we should allow regardless of the shell
> > > > specified:
> > >
> > > I disagree. The root account is an account that needs to have the
> > > highest number of security checks present.
> >
> > Then make a point as to why root, when not having a valid shell, not being
> > able to log in is a useful security check in any way, shape or form. So
> > people can change root's shell to something invalid when they want to lock
> > the root account? That's nonsensical.
>
> Last time I checked, only root had write access to /etc/master.passwd and
> /etc/shells, so only someone who hacked root could change root's shell to
> something invalid. (Note that I'm not handling the case where an
> administrator does something stupid.)
>
> gabby# ls -al /etc/shells /etc/master.passwd
> -rw-r--r--  1 root  wheel   223 Jul 28  2000 /etc/shells
> -rw-------  1 root  wheel  1423 mar 18 14:10 /etc/master.passwd
> gabby#
>
> If someone happens to change root's shell, then the security of the machine
> has been breached in some way. The immediate consequence is that root can't
> log in. If you (the administrator) notice that you can't log in as root
> anymore, then it's a really big clue that something major is wrong, and
> would necessitate taking the machine out of multi-user mode ASAP to perform
> the investigation and fix things up.

If someone roots your box, they're not going to change your shell to
something invalid. If they have root, why change the shell at all? When you
root a box, do you say "Damnit, why is this guy using csh! I want bash!"?
It still doesn't make sense.
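The following C program is an added illustration of the two rules being argued over in this thread; it is not part of the original message and not FreeBSD's su(1) source. Its chshell() mirrors what the real one does (walk /etc/shells and compare the account's shell field against each entry) but reads from a constructed inline list so it runs without touching the system. The helper names su_allowed_current() and su_allowed_proposed(), the inline shell list and the sample shell "/sbin/nologin" are all assumptions made for the example; the "current" rule is the two-line check quoted in the thread, and the "proposed" rule is the root-target exemption Jeremiah describes.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed stand-in for /etc/shells. The real su(1) walks the file
 * with setusershell()/getusershell()/endusershell(); the list is kept
 * inline here so the example runs offline and does not read system files. */
static const char *const example_shells[] = {
    "/bin/sh",
    "/bin/csh",
    "/bin/tcsh",
    "/usr/local/bin/bash",
    NULL
};

/* Equivalent of su's chshell(): true only if the target account's shell
 * field appears verbatim in the list. A NULL or empty shell field is not
 * listed and is therefore rejected; this example makes no /bin/sh
 * substitution for an empty field. */
bool chshell(const char *sh)
{
    if (sh == NULL)
        return false;
    for (const char *const *p = example_shells; *p != NULL; p++)
        if (strcmp(*p, sh) == 0)
            return true;
    return false;
}

/* The check as quoted in the thread:
 *     if (!chshell(pwd->pw_shell) && ruid)
 *             errx(1, "permission denied (shell).");
 * A caller whose real uid is not 0 may only su to an account whose shell
 * is listed; a caller that is already root (ruid == 0) is exempt.
 * Returns true where su would proceed, false where it would errx(). */
bool su_allowed_current(const char *target_shell, uid_t ruid)
{
    return chshell(target_shell) || ruid == 0;
}

/* The change proposed in the thread (hypothetical, not FreeBSD's code):
 * prepend a test for a root *target*, so su to uid 0 proceeds regardless
 * of what root's shell field contains. Every other target is still
 * subject to the rule above. */
bool su_allowed_proposed(const char *target_shell, uid_t ruid, uid_t target_uid)
{
    if (target_uid == 0)
        return true;
    return su_allowed_current(target_shell, ruid);
}

/* Stand-alone demonstration of the case the thread argues about: root's
 * shell field has been pointed at something that is not in /etc/shells
 * (constructed: "/sbin/nologin" is deliberately absent from the list). */
int main(void)
{
    const char *bad_root_shell = "/sbin/nologin";
    uid_t unprivileged = 1000;

    printf("current rule, uid %u -> root with shell %s: %s\n",
           (unsigned)unprivileged, bad_root_shell,
           su_allowed_current(bad_root_shell, unprivileged) ? "allowed" : "denied");
    printf("proposed rule, same case: %s\n",
           su_allowed_proposed(bad_root_shell, unprivileged, 0) ? "allowed" : "denied");
    return 0;
}
```

Run side by side, the two rules differ in exactly one case: a non-root caller trying to reach a root account whose shell field is not in /etc/shells. Under the current rule that su is refused, which is the "root can't log in, something is wrong" signal Matthew describes; under the proposed rule it succeeds, which is the behaviour Jeremiah argues is the only sensible one. The example takes no position; it only makes the difference between the two checks explicit so a reader can see what the one-line change actually alters.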