Date:      Thu, 02 Aug 2001 01:05:10 +0100
From:      Brian Somers <brian@Awfulhak.org>
To:        Bart Matthaei <bart@xs4nobody.nl>
Cc:        Nuno Teixeira <nuno.mailinglists@pt-quorum.com>, freebsd-security@FreeBSD.ORG, brian@freebsd-services.com
Subject:   Re: RELEASE 4.3 -> RELENG_4_3: SUCCESSFULLY but ... 
Message-ID:  <200108020005.f7205A811423@hak.lan.Awfulhak.org>
In-Reply-To: Message from Bart Matthaei <bart@xs4nobody.nl>  of "Thu, 02 Aug 2001 01:09:46 +0200." <20010802010946.A9880@heresy.xs4nobody.nl>

> On Wed, Aug 01, 2001 at 10:01:41PM +0100, Nuno Teixeira wrote:
> <snip>
> > My question is: what is the real danger of doing `installworld` in 
> > multiuser mode? I have been doing a lot of tests in other machines tracking 
> > STABLE and I have no problems so far.
> 
> They advise you to run singleuser, because of the securelevel.
> If your securelevel is set to 3, for instance, you (no, not even root) won't be
> able to overwrite files that have the schg flags set (system immutable
> flag). So things like rcp (which is schg by default) won't be installed
> properly.

$ ls -lo /bin/* /usr/bin/* /sbin/* /usr/sbin/* /usr/libexec/* | fgrep -w schg
-r-sr-xr-x   1 root  wheel     schg  348908 Aug  1 07:58 /bin/rcp
-r-x------   1 root  wheel     schg  382188 Aug  1 08:10 /sbin/init
-r-sr-xr-x   6 root  wheel     schg   32612 Aug  1 08:15 /usr/bin/chfn
-r-sr-xr-x   6 root  wheel     schg   32612 Aug  1 08:15 /usr/bin/chpass
-r-sr-xr-x   6 root  wheel     schg   32612 Aug  1 08:15 /usr/bin/chsh
-r-sr-xr-x   1 root  wheel     schg   24936 Jul 26 11:23 /usr/bin/crontab
-r-sr-xr-x   1 root  wheel     schg   21668 Aug  1 08:15 /usr/bin/login
-r-sr-xr-x   1 man   wheel     schg   29040 Jul 16 09:07 /usr/bin/man
-r-sr-xr-x   1 root  wheel     schg    4064 Jul 16 09:15 /usr/bin/opieinfo
-r-sr-xr-x   1 root  wheel     schg   10692 Jul 16 09:15 /usr/bin/opiepasswd
-r-sr-xr-x   2 root  wheel     schg   26900 Aug  1 08:16 /usr/bin/passwd
-r-sr-xr-x   1 root  wheel     schg   10296 Jul 16 09:15 /usr/bin/rlogin
-r-sr-xr-x   1 root  wheel     schg    7660 Aug  1 08:16 /usr/bin/rsh
-r-sr-xr-x   1 root  wheel     schg   10456 Aug  1 08:16 /usr/bin/su
-r-sr-xr-x   6 root  wheel     schg   32612 Aug  1 08:15 /usr/bin/ypchfn
-r-sr-xr-x   6 root  wheel     schg   32612 Aug  1 08:15 /usr/bin/ypchpass
-r-sr-xr-x   6 root  wheel     schg   32612 Aug  1 08:15 /usr/bin/ypchsh
-r-sr-xr-x   2 root  wheel     schg   26900 Aug  1 08:16 /usr/bin/yppasswd
-r-xr-xr-x   1 root  wheel     schg   85120 Aug  1 08:09 /usr/libexec/ld-elf.so.1
-r-sr-x---   1 root  network   schg   11256 Jul 16 09:17 /usr/sbin/sliplogin

This just blows my mind.  Not only because I can't see (for example) why 
rsh has schg and rshd does not, but also because

$ ls -lod / /bin /usr/bin /sbin /usr /usr/sbin /usr/libexec
drwxr-xr-x  21 root  wheel  -  512 Aug  1 14:07 /
drwxr-xr-x   2 root  wheel  - 1024 Aug  1 08:14 /bin
drwxr-xr-x   2 root  wheel  - 2048 Aug  1 08:11 /sbin
drwxr-xr-x  26 root  wheel  -  512 Aug  1 07:54 /usr
drwxr-xr-x   2 root  wheel  - 8192 Aug  1 08:21 /usr/bin
drwxr-xr-x   8 root  wheel  - 1536 Aug  1 08:21 /usr/libexec
drwxr-xr-x   2 root  wheel  - 4608 Aug  1 08:21 /usr/sbin

makes the whole thing a joke.  Even at a high secure level, to 
replace /sbin/init for example, you can

# cd /
# cp -rp sbin sbin.new
# mv sbin sbin.old
# mv sbin.new sbin

If programs are going to be chflags'd at install time, then their 
parent directories should at least have sappnd on them -- or even 
more appropriately, schg so that nothing can be planted in root's 
path.

Of course the problem with doing that is it makes the installworld 
rather difficult, even with securelevel == -1.

> Also, singleuser makes sure processes like sshd are shut down.

I can't see why that would make a difference (assuming a reboot is 
done after the installworld).

> (this is my theory.. correct me if I'm wrong)
> 
> With regards,
> 
> Bart Matthaei

-- 
Brian <brian@freebsd-services.com>                <brian@Awfulhak.org>
      http://www.freebsd-services.com/        <brian@[uk.]FreeBSD.org>
Don't _EVER_ lose your sense of humour !      <brian@[uk.]OpenBSD.org>
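
An added example, not part of the original message: a small sh/awk audit for the condition described above, listing every ancestor directory of an schg file that carries neither schg nor sappnd itself. It parses FreeBSD `ls -lo` text; the function name audit_schg_parents and the sample listings are constructed for illustration.

```sh
#!/bin/sh
# Added example. Input is FreeBSD `ls -lo` text: field 5 = flags, last = path.

# Constructed sample listings in the format shown in the message.
sample_files() {
    cat <<'EOF'
-r-sr-xr-x   1 root  wheel  schg  348908 Aug  1 07:58 /bin/rcp
-r-x------   1 root  wheel  schg  382188 Aug  1 08:10 /sbin/init
-r-sr-xr-x   1 root  wheel  schg   10456 Aug  1 08:16 /usr/bin/su
-r-xr-xr-x   1 root  wheel  -       4096 Aug  1 08:16 /usr/bin/true
EOF
}
sample_dirs() {
    cat <<'EOF'
drwxr-xr-x  21 root  wheel  -        512 Aug  1 14:07 /
drwxr-xr-x   2 root  wheel  -       1024 Aug  1 08:14 /bin
drwxr-xr-x   2 root  wheel  schg    2048 Aug  1 08:11 /sbin
drwxr-xr-x  26 root  wheel  -        512 Aug  1 07:54 /usr
drwxr-xr-x   2 root  wheel  sappnd  8192 Aug  1 08:21 /usr/bin
EOF
}

# audit_schg_parents FILE_LISTING DIR_LISTING
# Prints "<dir><TAB><count>" for each ancestor directory of an schg file
# that carries neither schg nor sappnd. Unlisted directories count as unflagged.
audit_schg_parents() {
    awk '
        # Directory listing: remember the flags field of each directory.
        mode == "dir" { dirflags[$NF] = $5; next }
        # File listing: only absolute paths carrying schg matter.
        $5 ~ /(^|,)schg(,|$)/ && $NF ~ /^\// {
            p = $NF
            while (p != "/") {
                sub("/[^/]*$", "", p)        # strip the last path component
                if (p == "") p = "/"
                if (dirflags[p] !~ /(^|,)(schg|sappnd)(,|$)/) exposed[p]++
            }
        }
        END { for (d in exposed) printf "%s\t%d\n", d, exposed[d] }
    ' mode=dir "$2" mode=file "$1" | LC_ALL=C sort
}

# Demo run over the constructed sample.
tmp=$(mktemp -d)
sample_files >"$tmp/files"; sample_dirs >"$tmp/dirs"
audit_schg_parents "$tmp/files" "$tmp/dirs"
rm -rf "$tmp"
```

On a live system the two inputs would come from the `ls -lo` and `ls -lod` commands shown in the message.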


