Date: Fri, 18 Jun 1999 13:05:31 +0400 From: Kirill Nosov <slash@leontief.net> To: Frank Tobin <ftobin@bigfoot.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: securelevel descr Message-ID: <99061813270605.10975@MirStation.leontief.nw.ru> References: <Pine.BSF.4.10.9906180326180.55914-100000@srh0710.urh.uiuc.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 18 Jun 1999, you wrote: >Hrm, that is a excellent idea could be added as an extra securelevel, such >as -2. During this time, any user can open a port. > rc scripts can then >start up standard daemons, such as sshd, and then have them bind to >normally-privileged ports, with non-root privileges (well, sshd needs to >be root anyways). Then, when the rc scripts are done, the securelevel can >be raised to 4, which would allow noone, even root, to bind to >securelevels anymore. By doing both of these, we've accomplished less >root-privileged binaries _and_ trusted ports. Yep, perhaps this is one of possible solutions. >Additionally, even if sshd was compromised as it ran as root, and the >attacker gained root access, he could do virtually nothing damaging >(except possibly some DOS) to the system, being in a high securelevel >state. Compromising for example sendmail will lead to non-root compromise at all. > This includes killing the current sshd, and starting a new one to >sniff passwords, as, as stated, the proposed securelevel would be set to >not allow the opening of trusted ports. I think that creating needed patch is not an evil task. -- In the beginning there was data. The data was without form and null, and darkness was upon the face of the console; and the Spirit of IBM was moving over the face of the market. And DEC said, "Let there be registers"; and there were registers. And DEC saw that they carried; and DEC separated the data from the instructions. DEC called the data Stack, and the instructions they called Code. And there was evening and there was morning, one interrupt. -- Rico Tudor, "The Story of Creation or, The Myth of Urk" /Slash. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?99061813270605.10975>