From owner-freebsd-hackers Mon Feb 24 17:49:42 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id RAA09121 for hackers-outgoing; Mon, 24 Feb 1997 17:49:42 -0800 (PST)
Received: from cougar.aceonline.com.au (adrian@cougar.aceonline.com.au [203.103.81.36]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id RAA08417; Mon, 24 Feb 1997 17:37:29 -0800 (PST)
Received: from localhost (adrian@localhost) by cougar.aceonline.com.au (8.8.4/8.7) with SMTP id JAA22753; Tue, 25 Feb 1997 09:38:10 +0800
Date: Tue, 25 Feb 1997 09:38:09 +0800 (WST)
From: Adrian Chadd
To: Marc Slemko
cc: hackers@freebsd.org, auditors@freebsd.org
Subject: Re: disallow setuid root shells?
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Mon, 24 Feb 1997, Marc Slemko wrote:

> > Btw - yes I know adduser isn't suid, sorry, I just woke up .. now I've had
> > my coffee things are clearer. :)
>
> process accounting sort of does that:
>
> lastcomm: (after enabling process accounting, of course)
>
> passwd -S marcs ttyp1 0.09 secs Mon Feb 24 17:14
>
> The S says used superuser privs. That is only a partial implementation,
> though, since process accounting logs aren't the nicest to log remotely,
> they contain a whole lot of other programs, and the S flag is only set if
> something the process calls suser(); i.e. something it calls ends up
> resulting in suser being called by something. A lot can be done without
> doing that.
>
> Process accounting may be something to start for that type of logging.
>

Ahh ok, I'll take a look at that when I get home.

I however like the idea of logging all setuid programs when they are run,
and at the kernel level as well. The only problem I can see is with the
size of the logs, but if people think it's a worthwhile thing I might have a
look at implementing something, again when I get home.

Adrian.
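
Added example, not part of the original thread: a Python filter over `lastcomm` output that keeps only the records carrying the S flag discussed above, so the "whole lot of other programs" can be dropped before logging remotely. The sample records are constructed (the first uses the fields of the line quoted in the thread), and the column layout is assumed from that line.

```python
import re
from collections import Counter

# Constructed sample: first record has the fields of the line quoted in the
# thread; the rest are made up. Columns: command, flags, user, tty, CPU, start.
SAMPLE = """\
passwd     -S     marcs    ttyp1      0.09 secs Mon Feb 24 17:14
ls         -      marcs    ttyp1      0.01 secs Mon Feb 24 17:15
su         -S     adrian   ttyp2      0.05 secs Mon Feb 24 17:20
sh         -F     adrian   ttyp2      0.00 secs Mon Feb 24 17:21
passwd     -S     marcs    ttyp1      0.08 secs Mon Feb 24 17:30
this line is not a lastcomm record
"""

# Layout assumed from the quoted line: the flag field is "-" plus flag letters.
RECORD = re.compile(
    r"^(?P<cmd>\S+)\s+-(?P<flags>[A-Z]*)\s+(?P<user>\S+)\s+(?P<tty>\S+)"
    r"\s+(?P<cpu>\d+\.\d+) secs (?P<start>.+)$"
)

def parse_lastcomm(text):
    """Return (records, rejected_lines); unparsable input is kept, not dropped."""
    records, rejected = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = RECORD.match(line.strip())
        if m:
            records.append(m.groupdict())
        else:
            rejected.append(line)
    return records, rejected

def superuser_records(records):
    """Records whose flag field contains S (superuser privileges used)."""
    return [r for r in records if "S" in r["flags"]]

def summarize(records):
    """Count S-flagged runs per (user, command) for a compact remote log."""
    return Counter((r["user"], r["cmd"]) for r in superuser_records(records))

if __name__ == "__main__":
    recs, bad = parse_lastcomm(SAMPLE)
    for (user, cmd), n in sorted(summarize(recs).items()):
        print(f"{user} ran {cmd} with superuser privileges {n} time(s)")
    print(f"{len(bad)} line(s) not parsed")
```

As the quoted message notes, the S flag is only set when suser() ends up being called, so a record without it does not show that a setuid program did nothing privileged.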