From: brooks@one-eyed-alien.net
Date: Wed, 30 Jun 1999 11:30:04 -0700 (PDT)
To: Anil Jangity
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: kill!!!

On Wed, 30 Jun 1999, Anil Jangity wrote:

> I was wondering, is it possible/safe to make kill(1) to not allow it to
> kill a root process run from the console? Only the console should be able
> to kill those processes and no one else.
>
> The reason is, I leave a root login on the console at all times... just
> in case something stupid happens like the passwd is changed for root or you
> can no longer su to root etc because of a compromise or whatever, but if
> you have a logged in root already, it'll be easy to fix those. I was
> thinking making kill not be able to kill the shell after it was hacked
> etc.

If you really wanted to, you could probably implement that feature, but I
think it would require a higher secure level. In reality, it's probably a
waste of time for your purposes. See the commit message below (this was
also committed to the RELENG_3 branch):

----
peter       1999/04/03 20:36:50 PST

  Modified files:
    libexec/getty        gettytab.5 gettytab.h init.c main.c
  Log:
  Add an 'al' (autologin username) capability to getty/gettytab.
  This is a damn useful thing for using with serial consoles in clusters etc
  or secure console locations. Using a custom gettytab entry for console
  with an entry like 'al=root' means that there is *always* a root login
  ready on the console. This should replace hacks like those which go with
  conserver etc. (This is a loaded gun, watch out for those feet!)

  Submitted by: "Andrew J. Korty"
----

-- Brooks
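An added example, not part of the original message or of the FreeBSD sources: a small Python audit that reports which enabled lines in /etc/ttys run getty with a gettytab entry that resolves to an 'al' autologin user, and whether that line is marked secure. The sample files, the entry names (al.console, al.inherit) and the function names are constructed for illustration; the fallback to the 'default' entry and the simplified parsing (no escaped colons, no capability cancellation) are assumptions.

```python
import re

# Constructed sample files; entry names and tty lines are hypothetical.
GETTYTAB = r"""
std.9600|9600-baud:np:sp#9600:
al.console:\
	:al=root:tc=std.9600:
al.inherit:tc=al.console:
"""
TTYS = """
console "/usr/libexec/getty al.console" cons25 on  secure
ttyv0   "/usr/libexec/getty std.9600"   cons25 on  secure
ttyd0   "/usr/libexec/getty al.inherit" dialup on  insecure
ttyd1   "/usr/libexec/getty al.console" dialup off secure
"""

def parse_gettytab(text):
    """Map every entry name/alias to its dict of string capabilities."""
    entries = {}
    text = re.sub(r"\\\n[ \t]*", "", text)      # join continuation lines
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        names, *caps = line.split(":")
        table = dict(c.split("=", 1) for c in caps if "=" in c)
        for name in names.split("|"):
            entries[name.strip()] = table
    return entries

def autologin_user(entries, name):
    """Follow tc= references (then the 'default' entry) looking for al=."""
    seen = set()
    while name in entries and name not in seen:  # 'seen' stops tc= loops
        seen.add(name)
        if "al" in entries[name]:
            return entries[name]["al"]
        name = entries[name].get("tc")
    return entries.get("default", {}).get("al")

def audit(gettytab, ttys):
    """Return (tty, entry, user, secure) for enabled ttys that auto-login."""
    entries, hits = parse_gettytab(gettytab), []
    for line in ttys.splitlines():
        m = re.match(r'(\S+)\s+"(\S*getty)\s+(\S+)"\s+\S+\s+(.*)', line.split("#")[0])
        user = autologin_user(entries, m.group(3)) if m else None
        if user and "on" in m.group(4).split():
            hits.append((m.group(1), m.group(3), user, "secure" in m.group(4).split()))
    return hits
```

Calling audit() with the contents of the real /etc/gettytab and /etc/ttys lists every line where a login is handed out without authentication, including entries that only inherit al= through tc=.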