Date:      Mon, 28 Jul 1997 18:49:02 +0000 (GMT)
From:      "Jonathan A. Zdziarski" <jonz@netrail.net>
To:        Robert Watson <robert+freebsd@cyrus.watson.org>
Cc:        Adam Shostack <adam@homeport.org>, Vincent Poy <vince@mail.MCESTATE.COM>, security@FreeBSD.ORG
Subject:   Re: security hole in FreeBSD
Message-ID:  <Pine.BSF.3.95q.970728184807.26434D-100000@netrail.net>
In-Reply-To: <Pine.BSF.3.95q.970728164656.3342K-100000@cyrus.watson.org>

I was exploring a little while ago programming a ch-rooted telnetd to
chroot to /usr if the person was over a specific uid.  I got it running
nicely, but never got to put it into production to fully test it...had to
do a lot of copying (passwd files, etc, just like ftp).


-------------------------------------------------------------------------
Jonathan A. Zdziarski                                NetRail Incorporated
Server Engineering Manager                    230 Peachtree St. Suite 500
jonz@netrail.net                                        Atlanta, GA 30303
http://www.netrail.net                                    (888) - NETRAIL
------------------------------------------------------------------------- 

On Mon, 28 Jul 1997, Robert Watson wrote:

:On Mon, 28 Jul 1997, Adam Shostack wrote:
:
:> Vincent Poy wrote:
:> 
:> 	su really should be setuid.  Everything else is debatable.  My
:> advice is to turn off all setuid bits except those you know you need
:> (possibly w, who, ps, ping, at, passwd)
:> 
:> find / -xdev -perm -4000 -ok chmod u-s {} \;
:> find /usr -xdev -perm -4000 -ok chmod u-s {} \;
:> find / -xdev -perm -2000 -ok chmod g-s {} \;
:> find /usr -xdev -perm -2000 -ok chmod g-s {} \;
:> # The semicolons are part of the line
:
:Several mail delivery programs (mail.local, sendmail, uucp-stuff, etc)
:require root access to deliver to local mailboxes; crontab related stuff,
:terminal locking, some kerberos commands, local XWindows servers, and su
:all rely on suid.
:
:What type of secured environment are you hoping to create?  If root access
:is only to be used from the console, and shared functions like
:xwindows/mailstuff/user crontab aren't needed, you can probably just
:disable all the suid-root programs, or suid-anything programs.  Look also
:at the sgid programs that scan kmem.  Ideally, you'd also put the system
:in a higher secure level, and mount all partitions non-suid, as long as
:login kept working :).
:
:Does login require suid, or does gettytab run it as root anyway?
:
:  Robert N Watson 
:
:Junior, Logic+Computation, Carnegie Mellon University  http://www.cmu.edu/
:Network Security Research, Trusted Information Systems http://www.tis.com/
:Network Administrator, SafePort Network Services  http://www.safeport.com/
:robert@fledge.watson.org   rwatson@tis.com  http://www.watson.org/~robert/
:
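
A dry-run version of the "turn off all setuid bits except those you know you need" approach quoted above, as an added example that is not part of any message in this thread: it lists setuid/setgid files that are missing from an allowlist and changes nothing. The function name `audit_setid` and the allowlist format (one absolute path per line) are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): report setuid/setgid regular files
# that are NOT named in an allowlist. Read-only; no chmod is performed.
#
# Usage: audit_setid ROOT ALLOWLIST
#   ROOT      directory to scan (stays on one filesystem, like -xdev above)
#   ALLOWLIST hypothetical file: one absolute path per line, '#' lines ignored
#             (a '#' line never matches a path, so it acts as a comment)
# Output: one line per finding, "<kind><TAB><path>", kind = setuid|setgid|setuid+setgid
# Limitation: paths containing newlines are not handled.

audit_setid() {
    root=$1
    allow=$2
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print |
    sort |
    while IFS= read -r path; do
        # -F fixed string, -x whole line: /usr/bin/su must not also
        # allow /usr/bin/sudo or any other path that merely contains it.
        if grep -Fxq -- "$path" "$allow"; then
            continue
        fi
        kind=""
        [ -u "$path" ] && kind="setuid"
        [ -g "$path" ] && kind="${kind:+$kind+}setgid"
        printf '%s\t%s\n' "$kind" "$path"
    done
}

# Run directly as: sh audit_setid.sh / /etc/setid.allow  (both paths are examples)
if [ "$#" -eq 2 ]; then
    audit_setid "$1" "$2"
fi
```

Reviewing the report before running any `chmod u-s` or `chmod g-s` avoids breaking the mail delivery, crontab and su cases raised in the reply.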



