Date: Thu, 11 Jan 1996 01:18:18 +0800 (WST)
From: Adrian Chadd <adrian@obiwan.aceonline.com.au>
To: Joerg Wunsch <joerg_wunsch@uriah.heep.sax.de>
Cc: Adrian Chadd <adrian@cougar.aceonline.com.au>, Marc Slemko <marcs@znep.com>, hackers@FreeBSD.ORG, auditors@FreeBSD.ORG
Subject: Re: disallow setuid root shells?
Message-ID: <Pine.BSF.3.95q.960111011311.7014A-100000@obiwan.aceonline.com.au>
In-Reply-To: <Mutt.19970225084429.j@uriah.heep.sax.de>

> > . make it configurable via sysctl,
> . don't turn it on by default.
> Yep, and yep.
> I presume you're gonna log it at auth.info, but I for sure don't wanna
> see each suid program with the same notification as each login. In an
> environment where you can basically trust your users, it's pointless
> to log them, all you have to care is to not get breakins from outside.
>
>

See, here is the problem. External breakins are a worry, yes, but the thing
is in some environments (e.g. shell access server at an ISP) most break
attempts come from either "eleet" hacker/users who buy accounts, or hacked
accounts. Most hackers see the best way is to get a shell account on the box
first, THEN hack root via a wide range of exploits (from my experience
anyway).

For the record, I'm mounting /usr/home, /tmp, /var/spool/mail (and anything
else they have r/w access to) as non-executable, making internal exploits
run on the local box nearly impossible to run (any ideas how you could
overflow something in perl / *sh ? :)

First I'll have a play and see what's logged.

Cya.

Adrian Chadd
<adrian@psinet.net.au>
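The non-executable mounts described in the message can be checked from fstab(5)-format text; this is an added example, not part of the original e-mail. The device names and the sample table are constructed, and `WATCHED`, `sample_fstab` and `audit_noexec` are hypothetical names; a path with no entry of its own is judged by the filesystem that contains it.

```shell
#!/bin/sh
# Added example: report whether user-writable paths sit on noexec filesystems.

# Paths named in the message; extend with anything else users can write to.
WATCHED="/usr/home /tmp /var/spool/mail"

# Constructed sample table in fstab(5) layout (not taken from a real host).
sample_fstab() {
cat <<'EOF'
# Device     Mountpoint   FStype  Options            Dump Pass
/dev/sd0a    /            ufs     rw                 1    1
/dev/sd0e    /usr/home    ufs     rw,noexec,nosuid   2    2
/dev/sd0f    /tmp         ufs     rw,nosuid          2    2
/dev/sd0g    /var         ufs     rw                 2    2
EOF
}

# Reads fstab text on stdin and prints, per watched path:
#   OK   <path> on <mountpoint>   governing filesystem has noexec
#   EXEC <path> on <mountpoint>   governing filesystem allows execution
audit_noexec() {
    awk -v watched="$WATCHED" '
        /^[ \t]*#/ || NF < 4 { next }      # skip comments and short lines
        { opts[$2] = "," $4 "," }          # mount point -> ",opt,opt,"
        END {
            n = split(watched, w, " ")
            for (i = 1; i <= n; i++) {
                best = ""
                for (mp in opts) {
                    # mp governs w[i] if equal or a directory prefix of it;
                    # the longest such mount point wins.
                    pre = (mp == "/") ? "/" : mp "/"
                    if ((w[i] == mp || index(w[i], pre) == 1) &&
                        length(mp) > length(best))
                        best = mp
                }
                if (best == "") { print "UNKNOWN " w[i]; continue }
                st = (index(opts[best], ",noexec,") > 0) ? "OK" : "EXEC"
                print st " " w[i] " on " best
            }
        }'
}

sample_fstab | audit_noexec
```

On the sample table, /var/spool/mail is reported as executable because it has no mount entry of its own and inherits the options of /var.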