From owner-freebsd-security Mon Jul 28 16:07:18 1997
From: Gary Clark II
Message-Id: <199707282306.SAA02009@main.gbdata.com>
Subject: Re: security hole in FreeBSD
To: vince@mail.MCESTATE.COM (Vincent Poy)
Date: Mon, 28 Jul 1997 18:06:59 -0500 (CDT)
Cc: winter@jurai.net, security@FreeBSD.ORG, johnnyu@accessus.net, mario1@primenet.com
In-Reply-To: from Vincent Poy at "Jul 28, 97 03:28:38 pm"
Sender: owner-freebsd-security@FreeBSD.ORG

Vincent Poy wrote:
> On Mon, 28 Jul 1997, Matthew N. Dodd wrote:
>
> =)On Mon, 28 Jul 1997, Vincent Poy wrote:
> =)> I'll do that as soon as the machine comes back up. I heard that
> =)> suid programs can be a problem too but which ones are required to be suid?
> =)
> =)As a general rule I set all suid/sgid system executables schg and run
> =)with securelevel set to 1 or 2.
> =)
> =)Getting rid of any unnecessary suid/sgid programs would be good too.
>
> That wouldn't do any good if the user can chflags noschg on the
> binaries you have schg on.

Which is why you run the system at a VERY low security level. You would have
to reboot into single user mode to do it then.

>
> Vince - vince@MCESTATE.COM - vince@GAIANET.NET ________ __ ____

Gary
--
Gary Clark II (N5VMF) | I speak only for myself and "maybe" my company
gclarkii@GBData.COM | Member of the FreeBSD Doc Team
Providing Internet and ISP startups - http://WWW.GBData.com for information
FreeBSD FAQ at ftp://ftp.FreeBSD.ORG/pub/FreeBSD/docs/FAQ.latin1
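
An audit for the rule discussed in this thread (suid/sgid executables flagged schg, with securelevel raised so the flag cannot be cleared), as an added example that is not part of the original messages. The function names and the sample listing are constructed for illustration; the input is assumed to follow the FreeBSD `ls -lo` column layout, with paths that contain no spaces.

```sh
#!/bin/sh
# Added example. Input lines are assumed to follow the FreeBSD `ls -lo` layout:
#   mode links owner group flags size month day time-or-year path

# Constructed sample listing, not output from any real host.
SAMPLE_LS_LO='-r-sr-xr-x  1 root  wheel  schg         28008 Jul 28 1997 /usr/bin/passwd
-r-sr-xr-x  1 root  wheel  -            16384 Jul 28 1997 /usr/bin/rlogin
-r-xr-sr-x  1 root  kmem   schg,nodump  20480 Jul 28 1997 /usr/bin/netstat
-rwxr-sr-x  1 root  staff  uchg          4096 Jul 28 1997 /usr/local/bin/oldtool
-r-xr-xr-x  1 root  wheel  -            12288 Jul 28 1997 /bin/ls'

# Read `ls -lo` lines on stdin; print every setuid or setgid file whose
# flag column does not include schg (system immutable).
suid_without_schg() {
    awk '
    {
        suid = (substr($1, 4, 1) ~ /[sS]/)   # owner execute slot: s or S
        sgid = (substr($1, 7, 1) ~ /[sS]/)   # group execute slot: s or S
        if (!suid && !sgid) next
        n = split($5, flags, ",")            # flags are comma separated
        locked = 0
        for (i = 1; i <= n; i++) if (flags[i] == "schg") locked = 1
        if (!locked) print $10               # uchg alone does not count
    }'
}

# Succeeds when the given kern.securelevel value is 1 or higher, the point
# at which the kernel refuses to clear schg, even for root.
schg_is_enforced() {
    [ "$1" -ge 1 ] 2>/dev/null
}

# On a FreeBSD host the same functions would be fed real data:
#   find / -xdev -type f \( -perm -4000 -o -perm -2000 \) -exec ls -lo {} + \
#       | suid_without_schg
#   schg_is_enforced "$(sysctl -n kern.securelevel)" || echo "schg is removable"

echo "setuid/setgid files without schg in the sample:"
printf '%s\n' "$SAMPLE_LS_LO" | suid_without_schg
```
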