Date: Mon, 24 Feb 1997 20:14:15 -0500 (EST) From: "Matthew N. Dodd" <winter@jurai.net> To: Nate Johnson <nate@ncsu.edu> Cc: Julian Elischer <julian@whistle.com>, adrian@obiwan.aceonline.com.au, jehamby@lightside.com, hackers@freebsd.org, auditors@freebsd.org Subject: Re: disallow setuid root shells? Message-ID: <Pine.BSI.3.95.970224201136.12054F-100000@sasami.jurai.net> In-Reply-To: <9702242229.AA03727@biohazard.csc.ncsu.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 24 Feb 1997, Nate Johnson wrote: > %well the security audit should pick up any new suid files each night, > Except the case where the hacker truly knows what they're doing, in which > case, the security audit will be worthless. root can modify any files he > wants, including the database used to compare suid files against. =( Tripwire suggests storing the file signature database on a hardware protected read only device. Say a SCSI drive with WP on. I'm not that paranoid so running in secure level 1 with the database set schg is good enough for me. Have a good one. /* Matthew N. Dodd | A memory retaining a love you had for life winter@jurai.net | As cruel as it seems nothing ever seems to http://www.jurai.net/~winter | go right - FLA M 3.1:53 */
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSI.3.95.970224201136.12054F-100000>