From owner-freebsd-security  Wed Oct  4  2:28: 1 2000
Delivered-To: freebsd-security@freebsd.org
Received: from static.unixfreak.org (static.unixfreak.org [63.198.170.139])
	by hub.freebsd.org (Postfix) with ESMTP
	id 72FC937B66C; Wed,  4 Oct 2000 02:27:58 -0700 (PDT)
Received: by static.unixfreak.org (Postfix, from userid 1000)
	id 335931F0A; Wed,  4 Oct 2000 02:27:58 -0700 (PDT)
Subject: Re: BSD chpass (fwd)
In-Reply-To: <20001004021948.A76230@freefall.freebsd.org> from Kris Kennaway
 at "Oct 4, 2000 02:19:48 am"
To: Kris Kennaway <kris@FreeBSD.org>
Date: Wed, 4 Oct 2000 02:27:58 -0700 (PDT)
Cc: Alfred Perlstein <bright@wintelcom.net>,
	Kris Kennaway <kris@FreeBSD.ORG>, Dima Dorfman <dima@unixfreak.org>,
	Mike Silbersack <silby@silby.com>, security@FreeBSD.ORG
From: Dima Dorfman <dima@unixfreak.org>
Reply-To: dima@unixfreak.org
X-Mailer: ELM [version 2.4ME+ PL61 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-Id: <20001004092758.335931F0A@static.unixfreak.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> On Wed, Oct 04, 2000 at 02:16:59AM -0700, Alfred Perlstein wrote:
> > * Kris Kennaway <kris@FreeBSD.ORG> [001004 02:15] wrote:
> > > On Wed, Oct 04, 2000 at 02:14:26AM -0700, Kris Kennaway wrote:
> > > > On Tue, Oct 03, 2000 at 10:34:22PM -0700, Dima Dorfman wrote:
> > > > > > For those not subscribed to bugtraq, it's time to remove the suid bit on
> > > > > > chpass.
> > > > > 
> > > > > Unfortunatly it isn't that easy if you're running with securelevel > 0
> > > > > since chpass is installed with the schg (system immutable) flag on by
> > > > > default.  Oh well, guess it's time to reboot some hosts.  :-/
> > > > 
> > > > mv it into a mode 000 directory :-)
> > > 
> > > Oops, can't do that. Reboot :)
> > 
> > Can you mount something over it?
> 
> Hmm, now that null mounts work in -current you could, actually - make a
> copy of /usr/bin except for chpass in say /usr/bin2 and null mount
> it

Actually, I think you can do it without null mounts.  mv /usr/bin
/usr/bin2, chmod 000 /usr/bin2, then remake /usr/bin (without chpass,
of course).

> on /usr/bin. Except securelevel disallows mounts, I think :)

In securelevel >= 2, you can't open a disk for writing unless you're
mount(2).  I don't know much about null mounts, so I don't know if
that will prevent them from working.

-- 
Dima Dorfman <dima@unixfreak.org>
Finger dima@unixfreak.org for my public PGP key.

"War doesn't determine who's right, it determines who's left."
        -- Confuscious


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message