Date: Mon, 28 Jul 1997 18:06:59 -0500 (CDT) From: Gary Clark II <gclarkii@main.gbdata.com> To: vince@mail.MCESTATE.COM (Vincent Poy) Cc: winter@jurai.net, security@FreeBSD.ORG, johnnyu@accessus.net, mario1@primenet.com Subject: Re: security hole in FreeBSD Message-ID: <199707282306.SAA02009@main.gbdata.com> In-Reply-To: <Pine.BSF.3.95.970728152741.3844M-100000@mail.MCESTATE.COM> from Vincent Poy at "Jul 28, 97 03:28:38 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Vincent Poy wrote: > On Mon, 28 Jul 1997, Matthew N. Dodd wrote: > > =)On Mon, 28 Jul 1997, Vincent Poy wrote: > =)> I'll do that as soon as the machine comes back up. I heard that > =)> suid programs can be a problem too but which ones are required to be suid? > =) > =)As a general rule I set all suid/sgid system executeables schg and run > =)with securelevel set to 1 or 2. > =) > =)Getting rid of any unecessary suid/sgid programs would be good too. > > That wouldn't do any good if the user can chflags noschg on the > binaries you have schg on. Which is why you run the system at a VERY low security level. You would have to reboot into single user mode to do it then. > > Vince - vince@MCESTATE.COM - vince@GAIANET.NET ________ __ ____ Gary -- Gary Clark II (N5VMF) | I speak only for myself and "maybe" my company gclarkii@GBData.COM | Member of the FreeBSD Doc Team Providing Internet and ISP startups - http://WWW.GBData.com for information FreeBSD FAQ at ftp://ftp.FreeBSD.ORG/pub/FreeBSD/docs/FAQ.latin1
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199707282306.SAA02009>