From owner-freebsd-bugs  Fri Jun 15 17:40: 8 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 0ED0F37B406
	for <freebsd-bugs@hub.freebsd.org>; Fri, 15 Jun 2001 17:40:05 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.3/8.11.3) id f5G0e4B82911;
	Fri, 15 Jun 2001 17:40:04 -0700 (PDT)
	(envelope-from gnats)
Date: Fri, 15 Jun 2001 17:40:04 -0700 (PDT)
Message-Id: <200106160040.f5G0e4B82911@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc: 
From: Dima Dorfman <dima@unixfreak.org>
Subject: Re: misc/28188: Cron is being started to early in /etc/rc (potential security hole) 
Reply-To: Dima Dorfman <dima@unixfreak.org>
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-bugs.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-bugs>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-bugs>
X-Loop: FreeBSD.org

The following reply was made to PR misc/28188; it has been noted by GNATS.

From: Dima Dorfman <dima@unixfreak.org>
To: Brad Huntting <huntting@glarp.com>
Cc: freebsd-gnats-submit@FreeBSD.org, security@freebsd.org
Subject: Re: misc/28188: Cron is being started to early in /etc/rc (potential security hole) 
Date: Fri, 15 Jun 2001 17:38:37 -0700

 Brad Huntting <huntting@glarp.com> writes:
 > >Description:
 > Cron allows users to run jobs at boot time by specifying "@reboot".
 > While this is a very usefull feature, it is also a potential security
 > hole if these jobs are started before the kern.securelevel level is
 > raised.
 
 This is a general problem; cron just makes it easy to take advantage
 of.  The problem is that the securelevel is raised as late as
 possible; it is the last thing to happen in /etc/rc in -stable, and
 second to last in -current (background fsck's are started after it).
 The real solution[1] is to move the setting of securelevel up, above
 the starting of most of the non-essential daemons (e.g., sshd, cron,
 et al).  Anyone from -security care to comment on the feasibility of
 this?  Any reason why it isn't already done like this?  OpenBSD sets
 it quite early, FWIW.
 
 Thanks,
 
 					Dima Dorfman
 					dima@unixfreak.org
 
 [1] Actually, the real solution is to axe the entire concept of
 securelevel.  Of course, this won't be done until a suitable
 replacement is available (e.g., MAC).

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message