From owner-freebsd-security Thu Nov 9 8:10:16 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ping.ru (ping.ping.ru [195.161.90.157]) by hub.freebsd.org (Postfix) with SMTP id 71C1F37B4C5 for ; Thu, 9 Nov 2000 08:10:10 -0800 (PST)
Received: (qmail 2022 invoked from network); 9 Nov 2000 16:10:08 -0000
Received: from unknown (HELO zal) (192.168.0.150) by ping.ping.ru with SMTP; 9 Nov 2000 16:10:08 -0000
Message-ID: <001101c04a67$87b88e40$9600a8c0@zal.ping.ru>
From: "Aleksey Zvyagin"
To:
Subject: About FreeBSD securelevel
Date: Thu, 9 Nov 2000 21:10:08 +0500
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.3110.5
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hello!

I have read the FreeBSD security document (http://people.freebsd.org/~jkb/howto.html) and would like to improve the doc about securelevel. I found some "exploits" for securelevel as it is described there. My language is bad, so I will be brief.

If a system administrator sets up FreeBSD (FreeBSD 2.2.6 and later) following this advice, a hacker can lower the securelevel in the following ways:

1. Edit the file /etc/defaults/rc.conf and lower the securelevel there.
2. Move /etc to /foo, then create a copy of /etc without schg flags and restart FreeBSD (after editing /etc/rc.conf).
3. Edit /etc/rc.conf.
4. Move the /usr/bin and /usr/sbin directories to /usr/foo1 and /usr/foo2 and then fake the system programs.
5. Edit some /etc/rc.* files so that /etc/rc exits on a shell error before setting kern.securelevel > 0.
6. All of the above changes take effect when the hacker restarts FreeBSD, with "shutdown -r now" for example.
From the above exploits I see the following fixes:

chflags schg on: /boot.config /kernel /boot/* /etc/rc* /etc/defaults/* /bin/* /sbin/* /usr/bin/* /usr/sbin/* /usr/lib/*

chflags sunlnk on: /etc /boot /bin /sbin /usr/bin /usr/sbin /usr/lib /etc/defaults

And I would like to offer for publication at FreeBSD my toolkit for lowering the securelevel on a remote server by the system administrator using a password file. Thus a hacker on the remote server (at an ISP, for example) will not be able to lower the securelevel, but the system administrator will be able to lower it (away from the server). Does anybody need this toolkit?

P.S. Please forward your letters to the zal@ping.ru address (or reply to the "From" address).

Thank you,
Aleksey Zvyagin, Russia, system administrator and web programmer.
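The flag lists in the message are easy to apply once and then forget, so a practitioner wants an audit that says which of the proposed schg/sunlnk flags are actually in place. The script below is an added example, not code from Aleksey's message or from the FreeBSD howto: it parses the output of BSD `ls -ldo` (flags in the fifth column), reports every listed path that lacks the wanted flag or is missing from the listing altogether (a moved /etc or /usr/bin shows up as "absent", which is attacks 2 and 4 above), and emits the chflags commands still needed. The path lists are a representative subset of the globs in the message, and the listing is constructed sample data; nothing here calls chflags, so the audit can be run on a saved listing from any machine.

```shell
#!/bin/sh
# Added example, not from the original message: audit the immutable-flag
# hardening proposed above and emit the chflags commands still needed.
# Input is `ls -ldo` output (BSD ls, flags in the 5th column). Path lists
# and the sample listing are assumptions for illustration.

# Files that should carry schg and directories that should carry sunlnk,
# following the lists in the message (a subset of the globs, hypothetical).
SCHG_PATHS="/boot.config /kernel /etc/rc /etc/rc.conf /etc/defaults/rc.conf /bin/sh /sbin/init /usr/bin/login /usr/sbin/sshd /usr/lib/libc.so"
SUNLNK_PATHS="/etc /boot /bin /sbin /usr/bin /usr/sbin /usr/lib /etc/defaults"

# audit_flags FLAG PATH...: read `ls -ldo` lines on stdin and print every
# PATH that does not carry FLAG, followed by every PATH absent from the
# listing (renamed or deleted, as in the move-/etc and move-/usr/bin attacks).
audit_flags() {
    want=$1; shift
    awk -v want="$want" -v paths="$*" '
        BEGIN { n = split(paths, p, " "); for (i = 1; i <= n; i++) need[p[i]] = 1 }
        NF >= 9 {
            path = $NF; flags = $5          # flags column is "-" or "schg,sunlnk,..."
            if (!(path in need)) next
            seen[path] = 1
            m = split(flags, f, ",")
            ok = 0
            for (j = 1; j <= m; j++) if (f[j] == want) ok = 1
            if (!ok) print path
        }
        END { for (i = 1; i <= n; i++) if (!(p[i] in seen)) print p[i] }
    '
}

# fix_commands SCHG_LIST SUNLNK_LIST: print the chflags commands that bring a
# listing to the proposed state. Run them BEFORE raising kern.securelevel:
# at securelevel >= 1 schg/sunlnk can no longer be cleared, so the hardened
# files (rc.conf included) can then only be edited from single-user mode.
fix_commands() {
    listing=$(cat)
    printf '%s\n' "$listing" | audit_flags schg $1 | sed 's|^|chflags schg |'
    printf '%s\n' "$listing" | audit_flags sunlnk $2 | sed 's|^|chflags sunlnk |'
}

# Constructed `ls -ldo` output for a host that followed only part of the advice:
# the kernel is immutable, but /etc/rc and /etc/rc.conf are still writable and
# /etc itself can still be renamed.
SAMPLE_LS='-r--r--r--  1 root  wheel  schg          41 Nov  9  2000 /boot.config
-r-xr-xr-x  1 root  wheel  schg     3217440 Nov  9  2000 /kernel
-r-xr-xr-x  1 root  wheel  -           7600 Nov  9  2000 /etc/rc
-rw-r--r--  1 root  wheel  -           1010 Nov  9  2000 /etc/rc.conf
-rw-r--r--  1 root  wheel  schg,sunlnk 9000 Nov  9  2000 /etc/defaults/rc.conf
drwxr-xr-x  2 root  wheel  sunlnk       512 Nov  9  2000 /etc/defaults
drwxr-xr-x 19 root  wheel  -           2048 Nov  9  2000 /etc'

# On a real host: ls -ldo $SCHG_PATHS $SUNLNK_PATHS | fix_commands "$SCHG_PATHS" "$SUNLNK_PATHS"
printf '%s\n' "$SAMPLE_LS" | fix_commands "$SCHG_PATHS" "$SUNLNK_PATHS"
```

Because the audit treats "not in the listing" as a failure, it also catches the case the message warns about where a directory has been moved aside and replaced by an unflagged copy: the copy's contents will be listed at the original paths but without schg, and the original files are gone. Paths containing spaces are not handled by the `$NF` field parsing; none of the paths in the message do.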