From owner-freebsd-security Mon Feb 19 0:53:28 2001
Delivered-To: freebsd-security@freebsd.org
Received: from ringworld.nanolink.com (ringworld.nanolink.com [195.24.48.189])
	by hub.freebsd.org (Postfix) with SMTP id 885E137B401
	for ; Mon, 19 Feb 2001 00:53:23 -0800 (PST)
Received: (qmail 5945 invoked by uid 1000); 19 Feb 2001 08:51:30 -0000
Date: Mon, 19 Feb 2001 10:51:30 +0200
From: Peter Pentchev
To: Nevermind
Cc: Carroll Kong, Brian Reichert, freebsd-security@FreeBSD.ORG
Subject: Re: Remote logging
Message-ID: <20010219105130.A2946@ringworld.oblivion.bg>
Mail-Followup-To: Nevermind, Carroll Kong, Brian Reichert, freebsd-security@FreeBSD.ORG
References: <20010218132255.L91352@numachi.com> <4.2.2.20010218133626.00c04f00@netmail.home.com> <20010218212442.A68304@nevermind.kiev.ua>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010218212442.A68304@nevermind.kiev.ua>; from never@nevermind.kiev.ua on Sun, Feb 18, 2001 at 09:24:42PM +0200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, Feb 18, 2001 at 09:24:42PM +0200, Nevermind wrote:
> Hello, Carroll Kong!
>
> On Sun, Feb 18, 2001 at 01:40:21PM -0500, you wrote:
>
> > That is a good idea, however, what is to stop the enemy from killing
> > syslogd as his first option? I do not think syslogd logs when it gets
> > killed? So, despite the secure log host, he might not get the valuable
> > info he needs. I suppose you could then start speculating a break in if
> > there are no more MARKs since syslogd is dead. Even that could be
> > fabricated I suppose. Ugh. Security sure is tough to implement
> > fully. Not trying to say you are wrong, just that I am curious how does
> > one stop this possible problem? Have you found a way to avoid it?
>
> I sometimes think about some flag on process so that once launched it cannot be
> killed without specifying password... I don't know if it will be correct to
> existing process model...
>
> What are you thinking about that?

I'd think some kind of process ACL's would be a better approach - something
like 'yeah, you're root, but you don't have this-and-this capability/token/
whatever, so there!'.. I don't know how far the ACL work has progressed,
and if there are any ideas to go in that direction, but ACL control over
sending signals certainly sounds interesting.

G'luck,
Peter

--
.siht ekil ti gnidaer eb d'uoy ,werbeH ni erew ecnetnes siht fI
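
The missing-MARK check raised in the quoted text, as an added example that is not part of the original message: a script for the log host that flags any stretch where a sender stayed silent longer than its mark interval. It assumes the sender forwards its `-- MARK --` lines to the log host and uses a 20-minute mark interval; the host name `web1`, the function names and the sample log lines are constructed for illustration.

```python
from datetime import datetime, timedelta
import re

# Constructed sample of what the log host received from sender "web1".
SAMPLE = """\
Feb 19 08:00:00 web1 -- MARK --
Feb 19 08:20:00 web1 -- MARK --
Feb 19 08:31:12 web1 sshd[412]: Accepted password for root from 192.0.2.7
Feb 19 08:40:00 web1 -- MARK --
Feb 19 09:40:00 web1 -- MARK --
"""

# BSD syslog prefix: "Mmm dd hh:mm:ss host ", day may be space-padded.
LINE = re.compile(r"^(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) ")


def parse(lines, year=2001):
    """Yield (timestamp, host) for each well-formed line.

    Classic syslog timestamps carry no year, so the caller supplies one.
    """
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        yield ts, m.group(2)


def silent_gaps(lines, host, mark_minutes=20, slack_minutes=5, now=None):
    """Return (last_seen, next_seen) pairs where `host` was silent too long.

    Any message counts as a sign of life; MARK lines only guarantee an
    upper bound on normal silence. next_seen is None when the silence
    runs up to `now`, i.e. the sender is still quiet.
    """
    limit = timedelta(minutes=mark_minutes + slack_minutes)
    seen = sorted(ts for ts, h in parse(lines) if h == host)
    gaps = [(a, b) for a, b in zip(seen, seen[1:]) if b - a > limit]
    if seen and now is not None and now - seen[-1] > limit:
        gaps.append((seen[-1], None))
    return gaps


if __name__ == "__main__":
    for start, end in silent_gaps(SAMPLE.splitlines(), "web1",
                                  now=datetime(2001, 2, 19, 10, 30)):
        print(f"web1 silent from {start} until {end or 'now'}")
```

A gap only says that messages stopped arriving; it cannot tell a killed syslogd from a network outage, and the last lines before the gap are the ones to review first.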