From owner-freebsd-security@FreeBSD.ORG Wed Apr 4 07:03:10 2012
Message-ID: <4F7BEFEF.3030702@romab.com>
Date: Wed, 04 Apr 2012 08:53:35 +0200
From: Andreas Jonsson
To: freebsd-security@freebsd.org
References: <20120331140820.101653608997tekk@webmail.ime.usp.br> <86fwcnygys.fsf@ds4.des.no>
In-Reply-To: <86fwcnygys.fsf@ds4.des.no>
Subject: Re: FreeBSD Security in Multiuser Environments

> Also... all this and you didn't raise the securelevel? Didn't set
> system binaries schg? Didn't remove unwanted binaries like rcp(1),
> rlogin(1), at(1) etc?
>

To add to the list of all this... no mounting of /var, /tmp, and /home as
noexec, nosuid (oh wait, no suid binaries at all, then all partitions can
be mounted as nosuid, except for sudo. Perhaps I missed something?)
No mac_biba, No mac_partition, no mac_bsdextended, and no mac_portacl...
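
The mount-option point in the reply above, as an added example that is not part of the original message: a POSIX sh check that reads fstab(5)-format lines and reports which of /var, /tmp and /home lack noexec or nosuid, or are not separate filesystems at all. The function name check_mount_opts and the sample fstab are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message.
# check_mount_opts (hypothetical name) reads fstab(5)-format text on stdin
# and prints one finding per line for /var, /tmp and /home.

check_mount_opts() {
    awk '
    BEGIN {
        # Mount points the reply says should carry noexec and nosuid.
        n_want = split("/var /tmp /home", order, " ")
        for (i = 1; i <= n_want; i++) want[order[i]] = 1
    }
    # Skip comments and lines without an options field.
    /^[ \t]*#/ || NF < 4 { next }
    ($2 in want) {
        seen[$2] = 1
        has_noexec = 0
        has_nosuid = 0
        n = split($4, opts, ",")
        for (i = 1; i <= n; i++) {
            if (opts[i] == "noexec") has_noexec = 1
            if (opts[i] == "nosuid") has_nosuid = 1
        }
        if (!has_noexec) print $2 ": missing noexec"
        if (!has_nosuid) print $2 ": missing nosuid"
    }
    END {
        # A path with no entry inherits the options of its parent filesystem.
        for (i = 1; i <= n_want; i++)
            if (!(order[i] in seen)) print order[i] ": not a separate mount"
    }'
}

# Constructed sample fstab: /var lacks noexec, /home has no entry of its own.
SAMPLE_FSTAB='# Device        Mountpoint  FStype  Options            Dump  Pass#
/dev/ada0p2     /           ufs     rw                 1     1
/dev/ada0p3     /var        ufs     rw,nosuid          2     2
/dev/ada0p4     /tmp        ufs     rw,noexec,nosuid   2     2
/dev/ada0p5     /usr        ufs     rw                 2     2'

printf '%s\n' "$SAMPLE_FSTAB" | check_mount_opts
```

On a FreeBSD host, piping `mount -p` into the function checks the options currently in effect rather than those configured in /etc/fstab.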