From owner-freebsd-security  Fri Jun 18  8:30:53 1999
Delivered-To: freebsd-security@freebsd.org
Received: from srh0710.urh.uiuc.edu (srh0710.urh.uiuc.edu [130.126.76.32])
	by hub.freebsd.org (Postfix) with SMTP id 1AC7214D50
	for <freebsd-security@FreeBSD.ORG>; Fri, 18 Jun 1999 08:30:49 -0700 (PDT)
	(envelope-from ftobin@bigfoot.com)
Received: (qmail 56882 invoked by uid 1000); 18 Jun 1999 15:30:49 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 18 Jun 1999 15:30:49 -0000
Date: Fri, 18 Jun 1999 10:30:49 -0500 (CDT)
From: Frank Tobin <ftobin@bigfoot.com>
X-Sender: ftobin@srh0710.urh.uiuc.edu
To: Chris Shenton <cshenton@uucom.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: securelevel descr
In-Reply-To: <lfn1xxfsgl.fsf@Samizdat.uucom.com>
Message-ID: <Pine.BSF.4.10.9906181029560.56847-100000@srh0710.urh.uiuc.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Chris Shenton, at 11:18 on 18 Jun 1999, wrote:

> But if inetd can start daemons on priv ports, then a cracker can just
> modify inetd.conf to start (say) "nc" on the telnet port. Or am I
> missing something? 

chflags simmutable inetd.conf;  Need I say more? :)

chflags is a real wonder drug, IMO.

-- 
Frank Tobin			"To learn what is good and what is to be
http://www.bigfoot.com/~ftobin	 valued, those truths which cannot be
				 shaken or changed." Myst: The Book of Atrus
FreeBSD: The Power To Serve

PGPenvelope = GPG and PGP5 + Pine             PGP:  4F86 3BBB A816 6F0A 340F
http://www.bigfoot.com/~ftobin/resources.html       6003 56FF D10A 260C 4FA3



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message