From owner-freebsd-security Sun Sep 9 11:59:32 2001
From: "Deepak Jain"
To: "Gabriel Ambuehl", "Giorgos Verigakis"
Cc: "Kris Kennaway", "D J Hawkey Jr", "Alexander Langer"
Subject: RE: Re[2]: Kernel-loadable Root Kits
Date: Sun, 9 Sep 2001 15:03:22 -0400

Exactly! The old security adage comes to mind -- the more useful a system is, by definition, the less secure it is. The most secure server in the world is one that is unplugged from everything and locked in a closet somewhere.

Deepak Jain
AiNET

-----Original Message-----
From: Gabriel Ambuehl [mailto:gabriel_ambuehl@buz.ch]
Sent: Sunday, September 09, 2001 9:17 AM
To: Giorgos Verigakis
Cc: Deepak Jain; Kris Kennaway; D J Hawkey Jr; Alexander Langer; freebsd-security@FreeBSD.ORG
Subject: Re[2]: Kernel-loadable Root Kits

Hello Giorgos,

Sunday, September 09, 2001, 10:07:32 AM, you wrote:

>> This user could easily edit the rc.conf file to boot up in
>> securelevel=-1 and reboot the machine -- as well as circumvent
>> most notifications about the reboot.

> Yes, but then you can chflag schg rc.conf rc ... (or maybe the
> whole /etc)

Would you care to point out how I could lower the securelevel then for legitimate use (i.e. updates or changes to /etc) of the system by the administrators?

Best regards,
Gabriel