From owner-freebsd-hackers Mon Feb 24 15:26:21 1997
From: Ade Barkah
Message-Id: <199702242325.QAA12075@hemi.com>
Subject: Re: disallow setuid root shells?
To: angio@aros.net (Dave Andersen)
Date: Mon, 24 Feb 1997 16:25:30 -0700 (MST)
Cc: abelits@phobos.illtel.denver.co.us, hackers@freebsd.org
In-Reply-To: <199702241823.LAA27302@fluffy.aros.net> from Dave Andersen at "Feb 24, 97 11:23:51 am"

Dave wrote:

> > IMHO adding "anti-setuid" code into shell will help, but that
> > help won't worth the effort of typing "setuid(getuid());" ...
>
> I disagree. It's a small thing, and very easy to get around, but
> it would help reduce the number of breakins by people who don't
> understand what they're doing aside from running this program-thingy
> that someone gave them. ...

The anti-setuid code will not reduce breakins... by the time they're
doing 'chmod u+s sh', they _already_have_ root access.

What I'd do is to booby-trap the shells, so if it runs setuid, it
_seems_ to run but reaaaalllyyyyy slooooowwww, and notifies me in
the meantime. =-)

Regards,

-Ade

-------------------------------------------------------------------
Inet: mbarkah@hemi.com - HEMISPHERE ONLINE -
-------------------------------------------------------------------
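
The startup check this thread is debating, as an added example that is not part of the original message or of any FreeBSD shell: it detects a set-id start by comparing real and effective IDs, reports it through syslog (the "notifies me" idea), and then does the setuid(getuid()) drop. The function names and the syslog tag are hypothetical.

```c
#include <sys/types.h>
#include <syslog.h>
#include <unistd.h>

/* A process was started set-id when an effective ID differs from the
 * corresponding real ID. Pure function so it can be checked in isolation. */
int ids_differ(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Same check applied to the current process. */
int running_setid(void)
{
    return ids_differ(getuid(), geteuid(), getgid(), getegid());
}

/* Give up elevated IDs: group first (changing it needs the elevated uid),
 * then user. Returns 0 on success, -1 if the drop failed or root can
 * still be regained afterwards. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    if (ruid != 0 && setuid(0) == 0)   /* must fail after a real drop */
        return -1;
    return 0;
}

/* Hypothetical hook called first thing in a shell's main(): report the
 * set-id start to the auth log, then continue unprivileged. */
int shell_startup_check(void)
{
    if (running_setid()) {
        openlog("sh-setid-check", LOG_PID, LOG_AUTH);  /* tag is made up */
        syslog(LOG_ALERT, "shell started set-id: ruid=%ld euid=%ld",
               (long)getuid(), (long)geteuid());
        closelog();
    }
    return drop_privileges();
}

int main(void) { return shell_startup_check() == 0 ? 0 : 1; }
```

As the message points out, this only fires after someone with root has already run 'chmod u+s sh', so its value is as an alert on an existing compromise, not as a barrier.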