From: woods@zeus.leitch.com (Greg A. Woods)
To: freebsd-security@FreeBSD.ORG
Date: Mon, 15 Jun 1998 11:14:37 -0400 (EDT)
Subject: Re: bsd securelevel patch question
Message-Id: <199806151514.LAA04480@brain.zeus.leitch.com>
In-Reply-To: Niall Smart's message of "Sun, June 14, 1998 22:19:29 +0100" regarding "Re: bsd securelevel patch question"
Reply-To: freebsd-security@FreeBSD.ORG
Organization: Planix, Inc.; Toronto, Ontario; Canada

[ On Sun, June 14, 1998 at 22:19:29 (+0100), Niall Smart wrote: ]
> Subject: Re: bsd securelevel patch question
>
> This is not correct, the fix does not require the prevention of killing
> immutable processes.  Its effectiveness relies on the ability to detect
> when a system daemon has died, and one other requirement noted below.
> There are a number of ways to achieve the first:
>
>  - Kernel modifications which log whenever a process which has no
>    controlling terminal dies.  This is straightforward to achieve and
>    covers all the important cases.  It is even useful for non-security
>    related reasons.  Of course you can extend this patch to log whenever
>    any particular pid dies.  This is the recommended approach.

I presume you really mean "when a process which has no controlling
terminal dies *abnormally*".  Lots and lots of processes in the general
category of "have no controlling terminal" will die "normally" during
the lifetime of a system, and I don't think they need to be logged
specially....

>  - Never reuse PID's generated while the system was in secure level 0.
>    Again, this is relatively easy to achieve, and prevents the replacement
>    of daemons with trojans that have an identical pid, and the monitoring
>    can be performed in userland.  There is still the question of who
>    monitors the death of the monitoring process.  This is why the first
>    idea is superior.

I don't think this is an either/or proposition -- they are not
conflicting.  I.e. "and", not "or" is the correct conjunction!

--
Greg A. Woods

+1 416 443-1734      VE3TCP      Planix, Inc. ; Secrets of the Weird
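
The distinction drawn in the reply above, between a daemon that dies normally and one that dies abnormally, as an added example that is not part of the original message or of any FreeBSD patch: a userland supervisor that reaps its child with waitpid(2) and logs only a death by signal or a nonzero exit. The names `classify_death` and `watch_child` are hypothetical, and the example assumes the monitor is the daemon's parent; a daemon that has detached is reaped by init instead, which is the case the kernel-side logging in the quoted message covers.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum death { DEATH_ERROR = -1, DEATH_NORMAL, DEATH_NONZERO_EXIT, DEATH_SIGNAL };
/* Only a clean exit(0) is "normal"; a signal or nonzero exit is worth a log line. */
static enum death classify_death(int status)
{
    if (WIFSIGNALED(status))
        return DEATH_SIGNAL;
    if (WIFEXITED(status) && WEXITSTATUS(status) != 0)
        return DEATH_NONZERO_EXIT;
    return DEATH_NORMAL;
}

/* Constructed stand-in for a daemon: exits with exit_code, or, if kill_sig
 * is nonzero, waits until the parent kills it with that signal. */
static enum death watch_child(int exit_code, int kill_sig)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return DEATH_ERROR;
    if (pid == 0) {
        while (kill_sig)
            pause();
        _exit(exit_code);
    }
    if (kill_sig)
        kill(pid, kill_sig);
    if (waitpid(pid, &status, 0) != pid)
        return DEATH_ERROR;
    enum death d = classify_death(status);
    if (d == DEATH_SIGNAL)   /* a real monitor would use syslog(3) here */
        fprintf(stderr, "ALERT: pid %ld killed by signal %d\n", (long)pid, WTERMSIG(status));
    else if (d == DEATH_NONZERO_EXIT)
        fprintf(stderr, "ALERT: pid %ld exited with status %d\n", (long)pid, WEXITSTATUS(status));
    return d;
}

int main(void)
{
    watch_child(0, 0);        /* normal death: nothing logged */
    watch_child(3, 0);        /* abnormal: nonzero exit */
    watch_child(0, SIGKILL);  /* abnormal: killed by signal */
    return 0;
}
```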