Date:      Mon, 15 Jun 1998 16:39:06 -0400 (EDT)
From:      Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
To:        Eivind Eklund <eivind@yes.no>
Cc:        Darren Reed <avalon@coombs.anu.edu.au>, security@FreeBSD.ORG
Subject:   Re: bsd securelevel patch question
Message-ID:  <199806152039.QAA26276@khavrinen.lcs.mit.edu>
In-Reply-To: <19980615130652.61198@follo.net>
References:  <E0ylKaT-0001Nb-00@oak71.doc.ic.ac.uk> <199806151059.KAA13992@ns1.yes.no> <19980615130652.61198@follo.net>

<<On Mon, 15 Jun 1998 13:06:52 +0200, Eivind Eklund <eivind@yes.no> said:

> remove the immutable flag, so that is _truly_ pointless.  It doesn't
> even slow down an attacker.

In the past, it certainly has done so.  Remember that most
kiddie-crackers are totally clueless -- if the version of r00tkit
they're running doesn't know how to do it, they don't either.

Just the same, my ``public'' machine (xyz.lcs.mit.edu, which is
supposed to be one of the ftp?.freebsd.org, but no matter how many
times I mention it to DG it never happens; also cvsup3.freebsd.org)
has historically run with lots of interesting directories append-only,
important files immutable, and securelevel 2.  Of course, it also
doesn't run sendmail -bd, lpd, or most of the stuff from inetd.  (It
does run portmap -- which should be optional -- because I never
bothered to hack /etc/rc to make it configurable.)

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom 
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA|                     - Susan Aglukark and Chad Irschick
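
An added example, not part of the original message or of FreeBSD itself: a small sh audit for the kind of setup described above (important files immutable, directories append-only, securelevel 2). The sample listing, the policy paths and the function names are constructed for illustration; the input is assumed to be in FreeBSD `ls -lod` format.

```sh
#!/bin/sh
# Added example (constructed data): audit file flags and securelevel.
# Assumed input: FreeBSD `ls -lod` lines, where field 5 is the
# comma-separated flag list ("-" when no flags are set).

# Constructed sample listing; paths and sizes are illustrative only.
SAMPLE_LISTING='-r-xr-xr-x  1 root  wheel  schg 262144 Jun 15  1998 /sbin/init
-r-xr-xr-x  1 root  wheel  - 49152 Jun 15  1998 /bin/login
drwxr-xr-x  2 root  wheel  sappnd 512 Jun 15  1998 /var/log
-r--r--r--  1 root  wheel  schg,nodump 1024 Jun 15  1998 /etc/inetd.conf'

# Hypothetical policy, one "<flag> <path>" per line.
POLICY='schg /sbin/init
schg /bin/login
sappnd /var/log
schg /etc/inetd.conf'

# has_flag FLAGS WANT: succeed when WANT is in the comma-separated FLAGS.
has_flag() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_flags LISTING POLICY: print "MISSING <flag> <path>" per violation.
# A path absent from the listing counts as missing its flag.
audit_flags() {
    listing=$1
    printf '%s\n' "$2" | while read -r want path; do
        [ -n "$want" ] || continue
        flags=$(printf '%s\n' "$listing" | awk -v p="$path" '$NF == p { print $5 }')
        has_flag "${flags:--}" "$want" || echo "MISSING $want $path"
    done
}

# check_securelevel LEVEL MIN: system flags (schg, sappnd) can be cleared
# by root while the securelevel is below 1, so the level is checked too.
check_securelevel() {
    if [ "$1" -ge "$2" ] 2>/dev/null; then
        echo "OK securelevel=$1"
    else
        echo "LOW securelevel=$1 (want >= $2)"
    fi
}

# On a real host, pass `ls -lod PATHS` output and `sysctl -n kern.securelevel`.
audit_flags "$SAMPLE_LISTING" "$POLICY"
check_securelevel 2 2
```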
