From owner-freebsd-security Fri Jun 18 3:28:22 1999
From: Kirill Nosov
Reply-To: slash@leontief.net
To: Frank Tobin
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: securelevel descr
Date: Fri, 18 Jun 1999 13:05:31 +0400
Message-Id: <99061813270605.10975@MirStation.leontief.nw.ru>

On Fri, 18 Jun 1999, you wrote:
> Hrm, that is an excellent idea; it could be added as an extra securelevel,
> such as -2. During this time, any user can open a port.
>
> rc scripts can then start up standard daemons, such as sshd, and then have
> them bind to normally-privileged ports, with non-root privileges (well, sshd
> needs to be root anyways). Then, when the rc scripts are done, the
> securelevel can be raised to 4, which would allow no one, even root, to bind
> to securelevels anymore. By doing both of these, we've accomplished less
> root-privileged binaries _and_ trusted ports.

Yep, perhaps this is one of the possible solutions.

> Additionally, even if sshd was compromised as it ran as root, and the
> attacker gained root access, he could do virtually nothing damaging (except
> possibly some DOS) to the system, being in a high securelevel state.

Compromising, for example, sendmail will lead to a non-root compromise at all.

> This includes killing the current sshd, and starting a new one to sniff
> passwords, as, as stated, the proposed securelevel would be set to not allow
> the opening of trusted ports.

I think that creating the needed patch is not an evil task.

-- 
In the beginning there was data. The data was without form and null, and
darkness was upon the face of the console; and the Spirit of IBM was moving
over the face of the market. And DEC said, "Let there be registers"; and there
were registers. And DEC saw that they carried; and DEC separated the data from
the instructions. DEC called the data Stack, and the instructions they called
Code. And there was evening and there was morning, one interrupt.
-- Rico Tudor, "The Story of Creation or, The Myth of Urk"

/Slash.
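An added example, not code from this thread or from FreeBSD, showing the two things the proposal above is about: a non-root process cannot bind a "trusted" port below 1024 (bind_port), and the conventional workaround is to start as root, bind, then drop root for good (drop_privileges). It assumes a BSD-style sockets API, uses the loopback address and port 22 only as a probe, and takes uid/gid 65534 ("nobody") as a placeholder.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Try to bind a TCP socket to `port` on loopback. Returns 0 on success,
 * else the errno. Port 0 asks the kernel for an ephemeral (unprivileged)
 * port and works for any uid; a port below 1024 needs root (or, on Linux,
 * CAP_NET_BIND_SERVICE) and otherwise fails with EACCES. */
int bind_port(unsigned short port) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return errno;
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons(port);
    int err = (bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0) ? 0 : errno;
    close(fd);
    return err;
}

/* The least-privilege pattern the thread wants to make unnecessary: a daemon
 * started as root binds its trusted port, then gives up root permanently.
 * gid before uid: once the uid is unprivileged the gid cannot be changed.
 * Production code also clears supplementary groups with setgroups(2) first.
 * Returns 0 on success (including when there is nothing to drop); a
 * successful setuid(0) afterwards means the drop was not real. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() != 0)
        return 0;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return errno;
    if (setuid(0) == 0)
        return EPERM;
    return 0;
}

int main(void) {
    printf("ephemeral port as uid %u: %s\n", (unsigned)geteuid(), strerror(bind_port(0)));
    printf("port 22 as uid %u: %s\n", (unsigned)geteuid(), strerror(bind_port(22)));
    /* 65534 is the conventional "nobody" uid/gid (assumed, not from the thread). */
    printf("drop to nobody: %s\n", strerror(drop_privileges(65534, 65534)));
    printf("port 22 after drop: %s\n", strerror(bind_port(22)));
    return 0;
}
```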