From owner-freebsd-hackers Mon Feb 24 14:36:05 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id OAA24721 for hackers-outgoing; Mon, 24 Feb 1997 14:36:05 -0800 (PST)
Received: from biohazard.csc.ncsu.edu (biohazard.csc.ncsu.edu [152.1.57.31]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id OAA24353; Mon, 24 Feb 1997 14:30:52 -0800 (PST)
Received: by biohazard.csc.ncsu.edu (5.65/Eos/C-U-09Sep93) id AA03727; Mon, 24 Feb 1997 17:29:54 -0500
Message-Id: <9702242229.AA03727@biohazard.csc.ncsu.edu>
Subject: Re: disallow setuid root shells?
To: julian@whistle.com (Julian Elischer)
Date: Mon, 24 Feb 1997 17:29:54 -0500 (EST)
Cc: adrian@obiwan.aceonline.com.au, jehamby@lightside.com, hackers@freebsd.org, auditors@freebsd.org
In-Reply-To: <3311E1FD.167EB0E7@whistle.com> from "Julian Elischer" at Feb 24, 97 10:46:21 am
Reply-To: nate@ncsu.edu
From: nate@ncsu.edu (Nate Johnson)
X-Mailer: ELM [version 2.4 PL24/POP]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

%well the security audit should pick up any new suid files each night,

Except the case where the hacker truly knows what they're doing, in which
case, the security audit will be worthless. root can modify any files he
wants, including the database used to compare suid files against. =(

nsj

--
Nate Johnson / nate@ncsu.edu / nsj@catt.ncsu.edu / nsj@FreeBSD.org
Head Systems Administrator, Computer and Technologies Theme Program
North Carolina State University, Raleigh, North Carolina
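
Added example, not part of the original message and not FreeBSD's own audit script: a setuid audit that refuses to diff against a baseline whose HMAC tag no longer matches, so an edited comparison database is reported instead of silently trusted. The listing format ("mode owner digest path"), the function names and the sample data are assumptions made for illustration; the key is assumed to live on a separate audit host, not on the audited machine.

```python
import hashlib
import hmac

def seal(listing: str, key: bytes) -> str:
    """HMAC-SHA256 tag over a baseline listing, computed where the key lives."""
    return hmac.new(key, listing.encode(), hashlib.sha256).hexdigest()

def parse(listing: str) -> dict:
    """Map path -> (mode, owner, digest) from 'mode owner digest path' lines."""
    entries = {}
    for line in listing.splitlines():
        if line.strip():
            mode, owner, digest, path = line.split(None, 3)
            entries[path] = (mode, owner, digest)
    return entries

def audit(baseline: str, tag: str, current: str, key: bytes) -> dict:
    """Diff current against baseline only if the baseline still matches its tag."""
    if not hmac.compare_digest(seal(baseline, key), tag):
        # The comparison database itself was altered: any diff would be meaningless.
        return {"baseline_trusted": False, "added": [], "removed": [], "changed": []}
    old, new = parse(baseline), parse(current)
    return {
        "baseline_trusted": True,
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "changed": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
    }

# Constructed sample data (digests shortened, paths illustrative).
KEY = b"constructed-demo-key"          # assumption: held off the audited host
BASELINE = ("4555 root 1f3a /usr/bin/passwd\n"
            "4555 root 9c0d /usr/bin/su\n")
TAG = seal(BASELINE, KEY)              # computed when the baseline was taken
CURRENT = BASELINE + "4755 root 77e2 /var/tmp/newfile\n"
TAMPERED = CURRENT                     # baseline rewritten to include the new file

if __name__ == "__main__":
    print(audit(BASELINE, TAG, CURRENT, KEY))   # new setuid file is reported
    print(audit(TAMPERED, TAG, CURRENT, KEY))   # edited baseline is rejected
```

This protects only the comparison database; the listing gathered on a host where root is compromised can itself be falsified.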