From owner-freebsd-security Sat Feb 10 10:32:48 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id KAA03884 for security-outgoing; Sat, 10 Feb 1996 10:32:48 -0800 (PST)
Received: from anna.az.com (anna.az.com [204.57.139.9]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id KAA03875 for ; Sat, 10 Feb 1996 10:32:44 -0800 (PST)
Received: (from yankee@localhost) by anna.az.com (8.6.12/8.6.12) id KAA28519; Sat, 10 Feb 1996 10:33:25 -0800
Date: Sat, 10 Feb 1996 10:33:24 -0800 (PST)
From: "az.com"
To: freebsd-security@FreeBSD.org
Subject: Want OS patch to restrict root processes to local
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@FreeBSD.org
Precedence: bulk

Where would I go in the source code, or has someone already created the following:

For all network and dialin parented processes, i.e., hackers coming from the internet or dial-in using a legitimate user's password to get a shell: Prevents any process which gained root access via hacking from getting real root privilege even though it appears they attained it. (kernel does nothing) This would prevent setuid, or even if someone actually used the root passwd via su.

I have no need, except in special circumstances (hence the toggle switch), to allow any process originating from a dialin or network port to ever execute as root.

To make the whole thing fly would require the inclusion of a short registry file containing /pathname/programname(s) exempt from this restriction. This would allow common users to execute setuid programs like /usr/bin/passwd. Otherwise, the kernel would not return an error to the user, but never actually execute as root. It would also immediately generate a log. This would completely automate the detection of new holes the first time they are ever tried.
Instead of only searching for and analyzing for security holes - let the holes exist, and when they are found autodiscover them and plug them at the moment of intrusion.
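The mechanism proposed in the message, as an added illustration that is not from the original post and not FreeBSD kernel code: a small user-space C model in which every process carries an origin tag inherited at fork time, a registry of exempt programs (the /usr/bin/passwd entry comes from the message; /usr/bin/chsh is a constructed sample), a global toggle, and a setuid path that withholds real root from remote-origin processes without reporting an error, writing a log record instead. The type and function names (proc_model, fork_model, become_uid, restrict_remote_root) are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Constructed model of the proposal: processes carry an "origin" tag taken
 * from their login session; a process whose origin is a network or dial-in
 * port never gets a real uid of 0 unless the program it runs is listed in
 * the exemption registry.  Illustration only, not kernel code. */

enum origin { ORIGIN_CONSOLE = 0, ORIGIN_NETWORK = 1, ORIGIN_DIALIN = 2 };

struct proc_model {
    int pid;
    enum origin origin;   /* inherited from the parent at fork time */
    const char *exe;      /* program the process is executing */
};

/* The "toggle switch" from the message: 0 disables the restriction for the
 * special circumstances the author mentions. */
static int restrict_remote_root = 1;

/* The "registry file" of programs exempt from the restriction. */
static const char *exempt_registry[] = {
    "/usr/bin/passwd",   /* from the message */
    "/usr/bin/chsh",     /* constructed sample entry */
};
#define EXEMPT_COUNT (sizeof exempt_registry / sizeof exempt_registry[0])

static const char *origin_name(enum origin o)
{
    switch (o) {
    case ORIGIN_CONSOLE: return "console";
    case ORIGIN_NETWORK: return "network";
    case ORIGIN_DIALIN:  return "dialin";
    }
    return "unknown";
}

/* fork(): the child inherits the parent's origin tag unchanged, so a shell
 * spawned from a network login, and everything it runs, stays tagged. */
struct proc_model fork_model(const struct proc_model *parent, int child_pid,
                             const char *exe)
{
    struct proc_model child = { child_pid, parent->origin, exe };
    return child;
}

bool is_exempt(const char *exe)
{
    for (size_t i = 0; i < EXEMPT_COUNT; i++)
        if (strcmp(exe, exempt_registry[i]) == 0)
            return true;
    return false;
}

/* May this process really become uid 0? */
bool root_allowed(const struct proc_model *p)
{
    if (!restrict_remote_root)
        return true;
    if (p->origin == ORIGIN_CONSOLE)
        return true;
    return is_exempt(p->exe);
}

/* Model of the setuid()/setuid-exec path.  Returns the uid the process
 * actually ends up with.  A request for uid 0 from a remote-origin process
 * running a non-exempt program looks successful to the caller but leaves
 * the uid unchanged; the attempt is recorded in logbuf (empty string when
 * nothing was logged). */
int become_uid(const struct proc_model *p, int current_uid, int requested_uid,
               char *logbuf, size_t logsz)
{
    logbuf[0] = '\0';
    if (requested_uid != 0 || root_allowed(p))
        return requested_uid;
    snprintf(logbuf, logsz, "ROOT-DENIED pid=%d origin=%s exe=%s uid=%d",
             p->pid, origin_name(p->origin), p->exe, current_uid);
    return current_uid;   /* no error to the caller, but no real root either */
}

int main(void)
{
    char log[128];
    struct proc_model login = { 100, ORIGIN_NETWORK, "/usr/bin/login" };
    struct proc_model sh = fork_model(&login, 101, "/bin/sh");
    struct proc_model pw = fork_model(&sh, 102, "/usr/bin/passwd");

    printf("sh -> setuid(0): uid %d  %s\n", become_uid(&sh, 1001, 0, log, sizeof log), log);
    printf("passwd -> setuid(0): uid %d\n", become_uid(&pw, 1001, 0, log, sizeof log));
    return 0;
}
```

The model says nothing about how the kernel learns a session's origin; in practice the tag would have to be set by whatever attaches the login to a network socket or modem line and be impossible for the process to clear, otherwise the check protects nothing. The denied transition is logged rather than refused, which is the behaviour the message asks for so that a new hole shows up in the log the first time it is exercised.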