From owner-freebsd-security Wed Feb 28 06:03:32 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id GAA09990 for security-outgoing; Wed, 28 Feb 1996 06:03:32 -0800 (PST) Received: from zygaena.com (zygaena.com [206.148.80.1]) by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id GAA09984 for ; Wed, 28 Feb 1996 06:03:26 -0800 (PST) From: ewb@zygaena.com Received: (from nobody@localhost) by zygaena.com (8.7.3/8.7.3) id JAA19750; Wed, 28 Feb 1996 09:03:20 -0500 (EST) X-Authentication-Warning: zygaena.com: nobody set sender to using -f Received: from lochsa.i.com(198.30.169.3) by zygaena.com via smap (V1.3) id sma019747; Wed Feb 28 09:03:16 1996 Received: (from ewb@localhost) by lochsa.i.com (8.7.3/8.7.3) id JAA05423; Wed, 28 Feb 1996 09:03:14 -0500 (EST) Date: Wed, 28 Feb 1996 09:03:14 -0500 (EST) Message-Id: <199602281403.JAA05423@lochsa.i.com> To: cschuber@orca.gov.bc.ca, freebsd-security@FreeBSD.org Subject: Re: Informing users of cracked passwords? Sender: owner-security@FreeBSD.org Precedence: bulk Cy Schubert wrote: >If a user trusts an account on another host and that host has been >hacked, you have to assume your host has been compromised as well. >You cannot assume otherwise because you have no evidence to the >contrary. Once a hacker has an account on a system you or your users >trust, it's just a matter of time before the hacker has root on your >system. This is a rather sweeping statement that I don't think is true in general. Certainly if there is root trust via /.rhosts and the hack has root on the trusted system then you're a goner. Otherwise, the hack simply has user level access - which I hope is not a *guarantee* that they can get root. Are you suggesting that root on every un*x (or FreeBSD?) system is inherently compromised by having untrusted users? If so, I hope that you are helping to plug the particular hole(s) that you know of! -- Will Brown ewb@zygaena.com Zygaena Network Services http://www.zygaena.com