From owner-freebsd-hackers Wed Feb 26 22:51:51 1997
Date: Thu, 11 Jan 1996 01:18:18 +0800 (WST)
From: Adrian Chadd
To: Joerg Wunsch
cc: Adrian Chadd, Marc Slemko, hackers@FreeBSD.ORG, auditors@FreeBSD.ORG
Subject: Re: disallow setuid root shells?
Sender: owner-hackers@FreeBSD.ORG

>
> . make it configurable via sysctl,
> . don't turn it on by default.
>

Yep, and yep.

> I presume you're gonna log it at auth.info, but I for sure don't wanna
> see each suid program with the same notification as each login. In an
> environment where you can basically trust your users, it's pointless
> to log them, all you have to care is to not get breakins from outside.
>
>

See, here is the problem. External breakins are a worry, yes, but the thing
is in some environments (e.g. shell access server at an ISP) most break
attempts come from either "eleet" hacker/users who buy accounts, or hacked
accounts. Most hackers see the best way is to get a shell account on the box
first, THEN hack root via a wide range of exploits (from my experience
anyway).

For the record, I'm mounting /usr/home, /tmp, /var/spool/mail (and anything
else they have r/w access to) as non-executable, making internal exploits
run on the local box nearly impossible to run (any ideas how you could
overflow something in perl / *sh ? :)

First I'll have a play and see what's logged.

Cya.

Adrian Chadd
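
The non-executable mounts described in the message can be checked against a host's fstab. The following is an added example, not part of the original post: the fstab text is constructed and the helper names are hypothetical. It resolves each user-writable path to its covering mount, so a directory that is not its own filesystem is judged by the options of the filesystem it actually lives on.

```python
import posixpath

# Paths the message names as user-writable.
USER_WRITABLE = ["/usr/home", "/tmp", "/var/spool/mail"]

# Constructed sample fstab (FreeBSD-style layout); not taken from a real host.
SAMPLE_FSTAB = """\
# Device        Mountpoint      FStype  Options           Dump  Pass#
/dev/sd0a       /               ufs     rw                1     1
/dev/sd0s1e     /usr            ufs     rw                2     2
/dev/sd0s1f     /usr/home       ufs     rw,noexec,nosuid  2     2
/dev/sd0s1g     /tmp            ufs     rw,noexec         2     2
/dev/sd0s1h     /var            ufs     rw                2     2
"""

def parse_fstab(text):
    """Return {mountpoint: set(options)} for every non-comment fstab entry."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 4:
            continue  # blank, comment-only or malformed line
        mounts[posixpath.normpath(fields[1])] = set(fields[3].split(","))
    return mounts

def covering_mount(path, mounts):
    """Longest mount point that is the path itself or one of its ancestors."""
    path = posixpath.normpath(path)
    while True:
        if path in mounts:
            return path
        if path == "/":
            return None  # fstab has no root entry covering this path
        path = posixpath.dirname(path)

def audit(paths, mounts, required="noexec"):
    """Return [(path, covering mount, reason)] for paths lacking `required`."""
    findings = []
    for p in paths:
        mp = covering_mount(p, mounts)
        if mp is None:
            findings.append((p, None, "no covering mount in fstab"))
        elif required not in mounts[mp]:
            findings.append((p, mp, f"{required} missing"))
    return findings

if __name__ == "__main__":
    for path, mp, why in audit(USER_WRITABLE, parse_fstab(SAMPLE_FSTAB)):
        print(f"{path}: {why} (covered by {mp})")
```

In the sample, /var/spool/mail is flagged because it inherits the plain `rw` options of /var. The noexec option only stops direct execution of files on that filesystem, so interpreters installed elsewhere (perl, sh) still need their own review.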