Date: Thu, 9 Nov 2000 21:10:08 +0500
From: "Aleksey Zvyagin" <zal@ping.ru>
To: <freebsd-security@freebsd.org>
Subject: About FreeBSD securelevel
Message-ID: <001101c04a67$87b88e40$9600a8c0@zal.ping.ru>

Hello!

I have read the FreeBSD security document (http://people.freebsd.org/~jkb/howto.html) and would like to improve the doc about securelevel. I found some "exploits" for the securelevel setup that it describes. My language is bad, thus I will be brief.

If a system administrator sets up FreeBSD (FreeBSD 2.2.6 and later) following this advice, then a hacker can lower the securelevel in the following ways:

1. To correct the file /etc/default/rc.conf and to lower the securelevel there
2. To move /etc to /foo and then to create a copy of /etc without schg flags and then restart FreeBSD (after a correction of the /etc/rc.conf file)
3. To correct /etc/rc.conf
4. To move the /usr/bin & /usr/sbin directories to /usr/foo1 /usr/foo2 and then to fake the system progs
5. To correct some /etc/rc.* files so that /etc/rc exits on a shell error before the setting of kern.securelevel > 0
6. All the above changes come into effect at a restart of FreeBSD by a hacker command, "shutdown -r now" for example.

From the above exploits I see the following resolutions:

chflags schg to:
    /boot.config /kernel /boot/* /etc/rc* /etc/defaults/* /bin/* /sbin/* /usr/bin/* /usr/sbin/* /usr/lib/*

chflags sunlnk to:
    /etc /boot /bin /sbin /usr/bin /usr/sbin /usr/lib /etc/defaults

And I would like to offer you, for publication at FreeBSD, my toolkit for lowering the securelevel on a remote server by the system administrator by password file. Thus the hacker of a remote server (at an ISP for example) will not be able to lower the securelevel, but the system administrator will be able to lower the securelevel (far from the server).

Does anybody need this toolkit?

P.S. Please forward me your letters to the zal@ping.ru address (or reply to the "From" address).

Thank you
Aleksey Zvyagin, Russia, system administrator and web programmer.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
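
An audit of the flag layout proposed in the message above, as an added example that is not part of the original e-mail: it reports which of the listed files lack schg and which of the listed directories lack sunlnk. The function names and the "no-flags" label are assumptions of this example; the path lists are copied from the message.

```python
import glob
import os
import stat

# Path lists copied from the message: files to hold schg, directories to hold sunlnk.
SCHG_GLOBS = ["/boot.config", "/kernel", "/boot/*", "/etc/rc*", "/etc/defaults/*",
              "/bin/*", "/sbin/*", "/usr/bin/*", "/usr/sbin/*", "/usr/lib/*"]
SUNLNK_DIRS = ["/etc", "/boot", "/bin", "/sbin", "/usr/bin", "/usr/sbin",
               "/usr/lib", "/etc/defaults"]


def read_flags(path):
    """Return the BSD file flags of path, or None if they cannot be read.

    os.stat follows symlinks, as chflags does without -h. st_flags only
    exists on BSD-derived systems, so elsewhere this returns None.
    """
    try:
        return getattr(os.stat(path), "st_flags", None)
    except OSError:
        return None


def expand(patterns):
    """Expand glob patterns to the sorted list of paths that exist."""
    return sorted(p for pat in patterns for p in glob.glob(pat))


def audit(schg_paths, sunlnk_paths, flags_of=read_flags):
    """Return sorted (path, problem) pairs; problem is the missing flag name,
    or "no-flags" when the flags could not be read at all."""
    findings = []
    checks = ((stat.SF_IMMUTABLE, "schg", schg_paths),
              (stat.SF_NOUNLINK, "sunlnk", sunlnk_paths))
    for bit, name, paths in checks:
        for path in paths:
            flags = flags_of(path)
            if flags is None:
                findings.append((path, "no-flags"))
            elif not flags & bit:
                findings.append((path, name))
    return sorted(findings)


if __name__ == "__main__":
    # On a FreeBSD host this audits the live filesystem.
    for path, problem in audit(expand(SCHG_GLOBS), expand(SUNLNK_DIRS)):
        print(f"{problem:8} {path}")
```

The flags only restrict root while kern.securelevel is above 0, so read the output together with `sysctl kern.securelevel`.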
