From owner-freebsd-security Wed Oct 4 15:46:13 2000
Delivered-To: freebsd-security@freebsd.org
Received: from peak.mountin.net (peak.mountin.net [207.227.119.2])
    by hub.freebsd.org (Postfix) with ESMTP id BAD7F37B502
    for ; Wed, 4 Oct 2000 15:46:09 -0700 (PDT)
Received: (from daemon@localhost)
    by peak.mountin.net (8.9.1/8.9.1) id RAA02750;
    Wed, 4 Oct 2000 17:46:07 -0500 (CDT)
    (envelope-from jeff-ml@mountin.net)
Received: from dial-110.max1.wa.cyberlynk.net(207.227.118.110)
    by peak.mountin.net via smap (V1.3) id sma002748;
    Wed Oct 4 17:45:41 2000
Message-Id: <4.3.2.20001004173510.00afd880@207.227.119.2>
X-Sender: jeff-ml@207.227.119.2
X-Mailer: QUALCOMM Windows Eudora Version 4.3
Date: Wed, 04 Oct 2000 17:39:42 -0500
To: Dima Dorfman
From: "Jeffrey J. Mountin"
Subject: Re: BSD chpass (fwd)
Cc: security@FreeBSD.ORG
In-Reply-To: <20001004100859.33A4A1F0A@static.unixfreak.org>
References: <20001004023249.B76230@freefall.freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 03:08 AM 10/4/00 -0700, Dima Dorfman wrote:
>IMO, the bottom line is, schg can only prevent an attacker if they
>don't have a good understanding of the system (which accounts for most
>of the script kid population). A really clever attacker would modify
>your securelevel settings in rc.conf, reboot the machine making it
>look like a panic or power surge (if they know you exclusively access
>it remotely), fool around, then change it back. Tripwire on a r/o disk
>would tell you about it, but you can't do that remotely unless you plan
>on never touching any system binaries. Or am I missing something?

And why wouldn't you protect /etc as well? Then one would rely on physical security to change the security settings. A real PITA for remote systems, but even that could be worked around with some care to allow changes (reboot still required) and protect the system.

Jeff Mountin - jeff@mountin.net
Systems/Network Administrator
FreeBSD - the power to serve
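
The exchange above turns on whether the files that set the securelevel at boot are themselves schg. The following audit is an added example, not part of the original message or of FreeBSD: it parses rc.conf text and `ls -lo` output, and the sample inputs and the `BOOT_FILES` list are constructed assumptions.

```python
import re

# Constructed sample inputs for illustration (not taken from the thread).
RC_CONF = '''hostname="remote.example.org"
kern_securelevel_enable="YES"
kern_securelevel="1"   # raised by rc at boot
'''
# Constructed `ls -lo` listing; the fifth column holds the file flags.
LS_LO = '''-r-xr-xr-x  1 root  wheel  schg 28516 Oct  4  2000 /bin/ls
-rw-r--r--  1 root  wheel  -     1042 Oct  4  2000 /etc/rc.conf
-r--r--r--  1 root  wheel  schg  4735 Oct  4  2000 /etc/rc
'''
# Assumption: these files decide the securelevel that is set at boot.
BOOT_FILES = ("/etc/rc", "/etc/rc.conf")
ASSIGN = re.compile(r'^\s*([A-Za-z_]\w*)=(["\']?)(.*?)\2\s*(?:#.*)?$')

def parse_rc_conf(text):
    """Return {variable: value}; a later assignment overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        m = ASSIGN.match(line)
        if m:
            settings[m.group(1)] = m.group(3)
    return settings

def parse_flags(listing):
    """Map each path in `ls -lo` output to its set of file flags."""
    flags = {}
    for line in listing.splitlines():
        fields = line.split(None, 9)
        if len(fields) == 10:
            flags[fields[9]] = set() if fields[4] == "-" else set(fields[4].split(","))
    return flags

def audit(rc_text, listing, boot_files=BOOT_FILES):
    """List the gaps that let root lower the securelevel with an edit and a reboot."""
    findings = []
    rc = parse_rc_conf(rc_text)
    enabled = rc.get("kern_securelevel_enable", "").upper() == "YES"
    if not (enabled and rc.get("kern_securelevel") in ("1", "2", "3")):
        findings.append("securelevel is not raised at boot; schg can be cleared")
    flags = parse_flags(listing)
    for path in boot_files:
        if "schg" not in flags.get(path, set()):
            findings.append(path + " lacks schg; boot settings can be rewritten")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(RC_CONF, LS_LO)))
```

On a live system the two inputs would be the contents of `/etc/rc.conf` and the output of `ls -lo` over the files of interest.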