From owner-freebsd-security Thu Oct 5 6:36:48 2000 Delivered-To: freebsd-security@freebsd.org Received: from sentry.granch.com (sentry.granch.com [212.109.197.55]) by hub.freebsd.org (Postfix) with ESMTP id BC0B537B502 for ; Thu, 5 Oct 2000 06:36:30 -0700 (PDT) Received: from sentry.granch.ru (IDENT:shelton@localhost [127.0.0.1]) by sentry.granch.com (8.9.3/8.9.3) with ESMTP id UAA02803; Thu, 5 Oct 2000 20:33:49 +0700 (NOVST) Message-ID: <39DC833C.7DDB0AC2@sentry.granch.ru> Date: Thu, 05 Oct 2000 20:33:48 +0700 From: "Rashid N. Achilov" Reply-To: achilov@granch.ru Organization: Granch Ltd. X-Mailer: Mozilla 4.74 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: ru, en MIME-Version: 1.0 To: Alex Prohorenko Cc: freebsd-security@FreeBSD.ORG Subject: Re: BSD chpass (fwd) References: <20001004053422.8A3901F19@static.unixfreak.org> <8rhvfk$12ue$2@pandora.alkar.net> Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Alex Prohorenko wrote: > > I do not see any single problem here. > > chflags noschg /usr/bin/chpass > chown u-s /usr/bin/chpass > > Sounds pretty easy, isn't it? When securelevel 3 (or 2 too, not remember now :-( ) you, even if root, cannot unset schg flag :-) -- With Best Regards. Rashid N. Achilov (RNA1-RIPE), Brainbench ID: 28514 Granch Ltd. lead engineer, e-mail: achilov@granch.ru tel/fax (383-2) 24-2363 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message