Date: Thu, 10 Oct 2002 12:14:28 -0400
From: Steve Kudlak <chromexa@ovis.net>
To: "Roman V. Mashak" <mrv@tv2.tomsk.ru>, "'hackers@freebsd.org'" <hackers@FreeBSD.ORG>, "Nelson, Trent ." <tnelson@switch.com>
Subject: C-2(Security) blues and the like
Message-ID: <3DA5A764.68AA7199@ovis.net>

It has been a long time since I dealt with those arcane security matters. At least they are obscure and arcane to most people. Many consider me to be babbling when I go on about these things. If I start saying "rainbow books" (the NSA's security books are in different colors) many people assume that I am crazy. :)

Most of the stuff I did involved C-2 security and all the logging and authentication stuff. An assumption seems to have been made that "logging in" via ftp was the same as logging in via tty or machine. This is not so. The ftp code "establishes a user"; the login code gets the user a shell and all that.

For a while in some OSes with C-2 security, if one was going to mount a dictionary attack on some user or even root, ftp would have been a way to go. It would allow one a large amount of attacks with logging. One would definitely get more than 3 attempts to "login". It was a way around C-2 security and was in my opinion a pretty serious compromise. Logging ftp "logins" and ftp use were proposed fixes. I just had to find the problems, not fix them.

Hmmm...maybe I will post this to BSD hackers and if someone says it is off topic I will shut up. Perhaps I should as this info is kind of old. But it is important to watch for these little back door tricks. Note I have not as of late read the FreeBSD ftp code. Perhaps I should.

Have Fun,
Sends Steve
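
Added example, not part of the original message and not FreeBSD code: one way to audit for the gap described above is to count failed authentications per account across every service that checks a password, rather than per tty session. The log line shapes, host names, users and the limit of 3 are constructed assumptions for illustration.

```python
import re
from collections import defaultdict

# Assumed message shapes (constructed for this example; adapt to your daemons).
PATTERNS = {
    "ftpd": re.compile(r"ftpd\[\d+\]: FTP LOGIN FAILED FROM (?P<src>\S+), (?P<user>\S+)"),
    "login": re.compile(r"login\[\d+\]: \d+ LOGIN FAILURES? ON (?P<src>\S+), (?P<user>\S+)"),
}

# Constructed sample log: root is guessed mostly over ftp, each time on a
# fresh connection, so a per-session counter never reaches its limit.
SAMPLE_LOG = """\
Oct 10 12:00:01 host login[301]: 1 LOGIN FAILURE ON ttyv0, root
Oct 10 12:00:05 host ftpd[412]: FTP LOGIN FAILED FROM 192.0.2.7, root
Oct 10 12:00:06 host ftpd[413]: FTP LOGIN FAILED FROM 192.0.2.7, root
Oct 10 12:00:07 host ftpd[414]: FTP LOGIN FAILED FROM 192.0.2.7, root
Oct 10 12:00:08 host ftpd[415]: FTP LOGIN FAILED FROM 192.0.2.7, root
Oct 10 12:00:09 host ftpd[416]: FTP LOGIN FAILED FROM 192.0.2.7, root
Oct 10 12:01:00 host login[302]: 2 LOGIN FAILURES ON ttyv1, alice
Oct 10 12:01:10 host login[303]: 1 LOGIN FAILURE ON ttyv1, alice
Oct 10 12:02:00 host login[304]: 1 LOGIN FAILURE ON ttyv2, bob
Oct 10 12:02:05 host login[305]: 1 LOGIN FAILURE ON ttyv2, bob
Oct 10 12:02:10 host ftpd[420]: FTP LOGIN FAILED FROM 198.51.100.9, bob
Oct 10 12:02:11 host ftpd[421]: FTP LOGIN FAILED FROM 198.51.100.9, bob
"""

def failed_auth_by_user(lines):
    """Return {user: {service: failure_count}} over all known services."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        for service, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match:
                counts[match["user"]][service] += 1
                break
    return {user: dict(per_service) for user, per_service in counts.items()}

def over_limit(lines, limit=3):
    """Flag accounts whose failures summed across services exceed `limit`."""
    flagged = {}
    for user, per_service in failed_auth_by_user(lines).items():
        total = sum(per_service.values())
        if total > limit:
            flagged[user] = {"total": total, **per_service}
    return flagged

if __name__ == "__main__":
    for user, detail in over_limit(SAMPLE_LOG.splitlines()).items():
        print(user, detail)
```

In the sample, bob is flagged even though neither service alone saw more than the limit, which is the case a per-service or per-tty counter misses.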