Subject: Re: Re[2]: BSD chpass (fwd)
In-Reply-To: <12917380571.20001004204942@buz.ch> from Gabriel Ambuehl at "Oct 4, 2000 08:49:42 pm"
To: Gabriel Ambuehl
Date: Wed, 4 Oct 2000 17:04:34 -0700 (PDT)
Cc: Dima Dorfman, Kris Kennaway, Alfred Perlstein, Mike Silbersack, security@FreeBSD.ORG
From: Dima Dorfman
Reply-To: dima@unixfreak.org
Message-Id: <20001005000434.1035B1F0A@static.unixfreak.org>

> Hello Dima,
>
> Wednesday, October 04, 2000, 12:08:59 PM, you wrote:
> > of the script kid population). A really clever attacker would modify
> > your securelevel settings in rc.conf, reboot the machine making it
> > look like a panic or power surge
>
> What about setting schg for it as well? You'd just need to find a
> way

Then they'd go change /etc/rc. You could set most of your root
filesystem, including /etc, schg, which may help, but then you'd be
making your machine almost unmanageable without console access. For
example, how would you fix this chpass bug if you couldn't access the
console and had no way to lower the securelevel, even with a reboot?

-- 
Dima Dorfman
Finger dima@unixfreak.org for my public PGP key.

"If you understand everything, you must be misinformed."
	-- Japanese Proverb
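
An added example, not part of the original message: a small audit that reports which boot-time files carry the system-immutable (schg) flag, showing how protecting rc.conf alone leaves /etc/rc as the next editable file. The file list and the helper names (`read_flags`, `audit`, `weakest_links`) are assumptions made for illustration; only rc.conf and /etc/rc are named in the thread.

```python
import os
import stat

# Boot-time files named in the message. Assumption: extend this list with
# whatever else your system reads before the securelevel is raised.
BOOT_FILES = ["/etc/rc.conf", "/etc/rc"]


def read_flags(path):
    """Return the BSD file flags of path, or None if they cannot be read."""
    try:
        # st_flags exists only on platforms with BSD file flags.
        return getattr(os.lstat(path), "st_flags", None)
    except OSError:
        return None


def audit(paths, get_flags=read_flags):
    """Map each path to 'schg', 'writable' or 'unknown'."""
    report = {}
    for path in paths:
        flags = get_flags(path)
        if flags is None:
            report[path] = "unknown"
        elif flags & stat.SF_IMMUTABLE:
            report[path] = "schg"
        else:
            report[path] = "writable"
    return report


def weakest_links(report):
    """Paths not confirmed immutable, so a raised securelevel does not cover them."""
    return sorted(p for p, state in report.items() if state != "schg")


if __name__ == "__main__":
    # Constructed sample: rc.conf was given schg, /etc/rc was not.
    sample = {"/etc/rc.conf": stat.SF_IMMUTABLE, "/etc/rc": 0}
    print(weakest_links(audit(BOOT_FILES, sample.get)))
    # On a live system, read the real flags instead:
    print(audit(BOOT_FILES))
```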