From owner-freebsd-security  Tue Jul 29 15:54:52 1997
Return-Path: <owner-freebsd-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id PAA19014
          for security-outgoing; Tue, 29 Jul 1997 15:54:52 -0700 (PDT)
Received: from mail.MCESTATE.COM (vince@mail.MCESTATE.COM [207.211.200.50])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA19009
          for <freebsd-security@FreeBSD.ORG>; Tue, 29 Jul 1997 15:54:47 -0700 (PDT)
Received: from localhost (vince@localhost)
	by mail.MCESTATE.COM (8.8.5/8.8.5) with SMTP id PAA11593;
	Tue, 29 Jul 1997 15:54:41 -0700 (PDT)
Date: Tue, 29 Jul 1997 15:54:40 -0700 (PDT)
From: Vincent Poy <vince@mail.MCESTATE.COM>
To: Aaron Bornstein <aaronb@j51.com>
cc: freebsd-security@FreeBSD.ORG, "[Mario1-]" <mario1@PrimeNet.Com>,
        JbHunt <johnnyu@accessus.net>
Subject: Re: securelevel (was: Re: security hole in FreeBSD)
In-Reply-To: <Pine.BSF.3.96.970729183123.9258A-100000@j51.com>
Message-ID: <Pine.BSF.3.95.970729155042.3844p-100000@mail.MCESTATE.COM>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Tue, 29 Jul 1997, Aaron Bornstein wrote:

=)[Cc list trimmed, I'm assuming most of those people are on the list -- AB]
=)
=)	Great, now you've effectively given everyone who sniffs your
=)connection instant root access, no extra passwords necessary.  Using
=)screen in this manner merely opens another path to root, through an
=)account not afforded anywhere near the same protection by the operating
=)system.

	If someone was sniffing my connection, then why weren't any of my
screen sessions touched?  I spend more time on the computer than most
people would.  As everyone knows, I only sleep 2-3 hours per day.

=)> another machine and tracked him down and killed his connection.  jbhunt
=)> was running a portscanner to check for any daemons running on a higher
=)> port number but didn't find any. 
=)> 
=)	Don't forget the possibility of an exisiting daemon (such as
=)telnetd or ftpd) being modified slightly to allow remote access root
=)access to a certain site or (more likely) anyone who presents the proper
=)backdoor phrase/environment variable.  [I believe JKH mentioned this
=)already]

	That is always a possibility ofcourse.  Or they can install some
daemon at a port.

=)> 	True but the problem is we wished we had console access.  If we
=)> did, none of this would even happened I think.  
=)> 
=)	Bullshit.  If console access was available, the only portion of
=)this process that would be made easier is the cleanup.  Console access
=)does not significantly raise your chances of -preventing- attacks.

	If console access was available, how would the sniffer sniff the
console?  since that would not go through the network in the first place.


Cheers,
Vince - vince@MCESTATE.COM - vince@GAIANET.NET           ________   __ ____ 
Unix Networking Operations - FreeBSD-Real Unix for Free / / / / |  / |[__  ]
GaiaNet Corporation - M & C Estate                     / / / /  | /  | __] ]  
Beverly Hills, California USA 90210                   / / / / / |/ / | __] ]
HongKong Stars/Gravis UltraSound Mailing Lists Admin /_/_/_/_/|___/|_|[____]