From owner-freebsd-security  Sat Jun 19 18:33:52 1999
Delivered-To: freebsd-security@freebsd.org
Received: from zip.com.au (zipper.zip.com.au [203.12.97.1])
	by hub.freebsd.org (Postfix) with ESMTP id E59F0150FC
	for <freebsd-security@FreeBSD.ORG>; Sat, 19 Jun 1999 18:33:43 -0700 (PDT)
	(envelope-from ncb@zip.com.au)
Received: from localhost (ncb@localhost)
	by zip.com.au (8.9.1/8.9.1) with ESMTP id LAA04118;
	Sun, 20 Jun 1999 11:34:29 +1000
Date: Sun, 20 Jun 1999 11:34:28 +1000 (EST)
From: Nicholas Brawn <ncb@zip.com.au>
To: Frank Tobin <ftobin@bigfoot.com>
Cc: Chris Shenton <cshenton@uucom.com>, freebsd-security@FreeBSD.ORG
Subject: Re: securelevel descr
In-Reply-To: <Pine.BSF.4.10.9906181029560.56847-100000@srh0710.urh.uiuc.edu>
Message-ID: <Pine.LNX.4.05.9906201133270.3762-100000@zipper.zip.com.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 18 Jun 1999, Frank Tobin wrote:

> Chris Shenton, at 11:18 on 18 Jun 1999, wrote:
> 
> > But if inetd can start daemons on priv ports, then a cracker can just
> > modify inetd.conf to start (say) "nc" on the telnet port. Or am I
> > missing something? 
> 
> chflags simmutable inetd.conf;  Need I say more? :)
> 
> chflags is a real wonder drug, IMO.

The intruder could still setup a cron job to periodically start up
the backdoor.

Nick



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message