From owner-freebsd-security  Tue Jul 29 15:47:00 1997
Return-Path: <owner-freebsd-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id PAA18407
          for security-outgoing; Tue, 29 Jul 1997 15:47:00 -0700 (PDT)
Received: from j51.com (root@gorplex.j51.com [199.224.7.51])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA18392
          for <freebsd-security@FreeBSD.ORG>; Tue, 29 Jul 1997 15:46:53 -0700 (PDT)
Received: from localhost (aaronb@localhost) by j51.com (8.8.5/8.8.5) with SMTP id SAA09822; Tue, 29 Jul 1997 18:45:10 -0400 (EDT)
Date: Tue, 29 Jul 1997 18:45:10 -0400 (EDT)
From: Aaron Bornstein <aaronb@j51.com>
To: Vincent Poy <vince@mail.MCESTATE.COM>
cc: freebsd-security@FreeBSD.ORG
Subject: Re: securelevel (was: Re: security hole in FreeBSD)
In-Reply-To: <Pine.BSF.3.95.970729143706.3844g-100000@mail.MCESTATE.COM>
Message-ID: <Pine.BSF.3.96.970729183123.9258A-100000@j51.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk


[Cc list trimmed, I'm assuming most of those people are on the list -- AB]

On Tue, 29 Jul 1997, Vincent Poy wrote:
> 	You would think your toaster is unhackable.  So is a Leica camera
> lens but they still have ways to hack it.  Also, just for your
> information, the root password isn't even used that often.  It is only
> used every time the machine boots up since I run screen and I am connected
> 24 x7 and reattach the screen session when necessary.  
> 
	Great, now you've effectively given everyone who sniffs your
connection instant root access, no extra passwords necessary.  Using
screen in this manner merely opens another path to root, through an
account not afforded anywhere near the same protection by the operating
system.

> another machine and tracked him down and killed his connection.  jbhunt
> was running a portscanner to check for any daemons running on a higher
> port number but didn't find any. 
> 
	Don't forget the possibility of an exisiting daemon (such as
telnetd or ftpd) being modified slightly to allow remote access root
access to a certain site or (more likely) anyone who presents the proper
backdoor phrase/environment variable.  [I believe JKH mentioned this
already]

> 	True but the problem is we wished we had console access.  If we
> did, none of this would even happened I think.  
> 
	Bullshit.  If console access was available, the only portion of
this process that would be made easier is the cleanup.  Console access
does not significantly raise your chances of -preventing- attacks.


						--Aaron