Date: Tue, 29 Jul 1997 15:54:40 -0700 (PDT) From: Vincent Poy <vince@mail.MCESTATE.COM> To: Aaron Bornstein <aaronb@j51.com> Cc: freebsd-security@FreeBSD.ORG, "[Mario1-]" <mario1@PrimeNet.Com>, JbHunt <johnnyu@accessus.net> Subject: Re: securelevel (was: Re: security hole in FreeBSD) Message-ID: <Pine.BSF.3.95.970729155042.3844p-100000@mail.MCESTATE.COM> In-Reply-To: <Pine.BSF.3.96.970729183123.9258A-100000@j51.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 29 Jul 1997, Aaron Bornstein wrote: =)[Cc list trimmed, I'm assuming most of those people are on the list -- AB] =) =) Great, now you've effectively given everyone who sniffs your =)connection instant root access, no extra passwords necessary. Using =)screen in this manner merely opens another path to root, through an =)account not afforded anywhere near the same protection by the operating =)system. If someone was sniffing my connection, then why weren't any of my screen sessions touched? I spend more time on the computer than most people would. As everyone knows, I only sleep 2-3 hours per day. =)> another machine and tracked him down and killed his connection. jbhunt =)> was running a portscanner to check for any daemons running on a higher =)> port number but didn't find any. =)> =) Don't forget the possibility of an exisiting daemon (such as =)telnetd or ftpd) being modified slightly to allow remote access root =)access to a certain site or (more likely) anyone who presents the proper =)backdoor phrase/environment variable. [I believe JKH mentioned this =)already] That is always a possibility ofcourse. Or they can install some daemon at a port. =)> True but the problem is we wished we had console access. If we =)> did, none of this would even happened I think. =)> =) Bullshit. If console access was available, the only portion of =)this process that would be made easier is the cleanup. Console access =)does not significantly raise your chances of -preventing- attacks. If console access was available, how would the sniffer sniff the console? since that would not go through the network in the first place. Cheers, Vince - vince@MCESTATE.COM - vince@GAIANET.NET ________ __ ____ Unix Networking Operations - FreeBSD-Real Unix for Free / / / / | / |[__ ] GaiaNet Corporation - M & C Estate / / / / | / | __] ] Beverly Hills, California USA 90210 / / / / / |/ / | __] ] HongKong Stars/Gravis UltraSound Mailing Lists Admin /_/_/_/_/|___/|_|[____]
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.970729155042.3844p-100000>