From owner-freebsd-security  Sat Jun 16 16: 6:43 2001
Delivered-To: freebsd-security@freebsd.org
Received: from hunkular.glarp.com (hunkular.glarp.com [199.117.25.251])
	by hub.freebsd.org (Postfix) with ESMTP
	id 3FEE337B401; Sat, 16 Jun 2001 16:06:40 -0700 (PDT)
	(envelope-from huntting@hunkular.glarp.com)
Received: from hunkular.glarp.com (localhost [127.0.0.1])
	by hunkular.glarp.com (8.11.3/8.11.3) with ESMTP id f5GN6Xx45201;
	Sat, 16 Jun 2001 17:06:33 -0600 (MDT)
	(envelope-from huntting@hunkular.glarp.com)
Message-Id: <200106162306.f5GN6Xx45201@hunkular.glarp.com>
To: "Crist Clark" <crist.clark@globalstar.com>
Cc: Dima Dorfman <dima@unixfreak.org>,
	Brad Huntting <huntting@glarp.com>, freebsd-gnats-submit@FreeBSD.ORG,
	security@FreeBSD.ORG
Subject: Re: misc/28188: Cron is being started to early in /etc/rc (potential security hole) 
In-Reply-To: Your message of "Sat, 16 Jun 2001 14:34:13 PDT."
             <3B2BD0D5.1DBC1B38@globalstar.com> 
Date: Sat, 16 Jun 2001 17:06:33 -0600
From: Brad Huntting <huntting@glarp.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


> But you are right of course, the most secure way to go is raise 
> securelevel as early as possible in the boot sequence (although
> off of the top of my head, I can't think of anything besides cron(8)
> that would run non-"trusted" code).[...]

Sendmail (runs programs specified in .forward files), inetd (ftp,
telnet, etc) sshd (user shells), httpd (cgi-bin's)....  Cron's
@reboot is just the easiest one to exploit.


brad

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message