From owner-freebsd-security Mon Jul 24 8:27:55 2000
Delivered-To: freebsd-security@freebsd.org
Received: from aesthetic.detachment.org (agcess.com [208.11.244.15]) by hub.freebsd.org (Postfix) with ESMTP id 89F5837B90E for ; Mon, 24 Jul 2000 08:27:42 -0700 (PDT) (envelope-from tstromberg@rtci.com)
Received: from rtci.com (helixblue@localhost [127.0.0.1]) by aesthetic.detachment.org (8.9.3/8.9.3) with ESMTP id LAA62892; Mon, 24 Jul 2000 11:27:43 -0400 (EDT) (envelope-from tstromberg@rtci.com)
Message-ID: <397C606E.131A5CAE@rtci.com>
Date: Mon, 24 Jul 2000 11:27:42 -0400
From: Thomas Stromberg
X-Mailer: Mozilla 4.73 [en] (X11; I; FreeBSD 5.0-CURRENT i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Paul Hart
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Status of FreeBSD security work? Audit, regression and cryptoswap?
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Paul Hart wrote:

> One other bad thing about using CFS for a home directory is the fact that
> cdetach cannot make distinctions about whether it is the owner of the CFS
> mount who is detaching it. As long as you know the name of the mount you
> can detach mounts belonging to other people. Since your home directory
> needs to be a fixed (and well-known) path name, you can become vulnerable
> to a lame variety of denial-of-service attack against your account.
>
> Paul Hart

What we did here for the cfs security disk script was:

    $target = sprintf("/crypt/.%lx", int(rand(999999)));

Which provides a relatively randomized mountpoint which lies only in the
knowledge of cfsd and the perl script. I also take advantage of the cfs
feature which hides directories starting with a "." This of course is by
no means perfect, but it was secure enough for our requirements.

However, if you wanted to make use of this as a home directory, you'd have
to symlink to it (what I did), which would publicize the mountpoint. Though
I guess some weird antics can be done by changing the $HOME variable.
ps -e will still find it however, and not all software respects $HOME.

One could also dynamically modify their getpwent() info, and store it in a
privatized location (nss-ldap anyone?).. This however is pure and utter
insanity :) It'd be much easier to mod the cfs code. I'd love to see tcfs
ported to FreeBSD, maybe it will alleviate some of the hackery.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.2 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE5fGAyoyBzPESpFVQRAgm8AKCdQMn2G8LYeLWRdlh9a8SqWlKexwCfZ7ZO
5xlhcMn/OIY9vwNUBx+PZRI=
=fqqB
-----END PGP SIGNATURE-----

--
thomas r. stromberg : tstromberg@rtci.com
senior systems administrator : http://www.afterthought.org/
research triangle commerce, inc. : 1.919.657.1317

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
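The randomized, dot-hidden mountpoint trick from the message above, written out as a small sh wrapper. This is an added example, not Thomas Stromberg's script or anything shipped with CFS: it draws the name from /dev/urandom (8 bytes, so 16 hex digits, a larger name space than a six-digit rand() range) and only calls cattach(1) if it is on the PATH. The helper names random_mountpoint and attach_hidden, the CRYPT_ROOT default of /crypt, and the cattach argument order (encrypted directory, then attach name) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original message or from CFS itself.
# Assumes cfsd serves the /crypt hierarchy and that cattach(1) takes
# "cattach <encrypted-dir> <attach-name>" (assumption, check your cattach).

CRYPT_ROOT="${CRYPT_ROOT:-/crypt}"   # assumption: cfsd mounted here

# Print a mountpoint of the form /crypt/.<16 hex digits>, with the leading
# dot so that CFS hides it from directory listings of /crypt. The 8 random
# bytes come from the kernel RNG instead of a small rand() range.
random_mountpoint() {
    hex=$(od -An -tx1 -N8 /dev/urandom | tr -d ' \n')
    printf '%s/.%s\n' "$CRYPT_ROOT" "$hex"
}

# Attach encrypted directory $1 under a fresh random hidden name and print
# the resulting path. The caller may symlink it (which, as the message
# notes, publishes the name again) or export it via $HOME.
attach_hidden() {
    encdir="$1"
    [ -d "$encdir" ] || { echo "no such directory: $encdir" >&2; return 1; }
    target=$(random_mountpoint)
    name=${target##*/}          # strip /crypt/, keep the dot-prefixed name
    if command -v cattach >/dev/null 2>&1; then
        cattach "$encdir" "$name" || return 1
    else
        # Dry run on a box without CFS installed.
        echo "cattach not found; would run: cattach $encdir $name" >&2
    fi
    printf '%s\n' "$target"
}

# Example usage (only when run directly, not when sourced by a test):
if [ "${RUN_EXAMPLE:-0}" = 1 ]; then
    mp=$(attach_hidden "$HOME/.cfs_home") && echo "attached at $mp"
fi
```

The name is never written anywhere on disk by the wrapper; whoever wants to run cdetach on it has to learn it from the symlink, from ps(1) output, or from the environment of a process that has it as $HOME, which is exactly the leakage the message describes.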