Date: Fri, 09 Feb 2001 12:50:54 -0800 From: Nick Sayer <nsayer@quack.kfu.com> To: Greg Black <gjb@gbch.net> Cc: kris@freebsd.org, freebsd-hackers@freebsd.org Subject: Re: /etc/security: add md5 to suid change notification? Message-ID: <3A84582E.3000702@quack.kfu.com> References: <200102082355.f18NtfF89134@medusa.kfu.com> <nospam-3a8342fd530fe03@maxim.gbch.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Greg Black wrote: > Nick Sayer wrote: > >> Would it generally be viewed as helpful to add the option of reporting >> the md5 for the files listed in /var/log/setuid.*? > > > I don't see the benefit in this if either the md5 binary or the > comparison file are on writable storage (which is almost always > going to be true). Then why bother checking at all? Someone can trojan ls, or even easier, arrange to trojan suid binaries without changing the things that show up in that listing. Besides, security conscious folks could set the immutable flag for md5 and/or the comparison file (and probably sh and ls while they're at it) if they like. For the point kris made, I'm not sure he understood what I was suggesting -- I'm not suggesting just printing the md5 of the files when you notice they've changed, but adding the md5 as another trigger for deciding which files have changed. Adding it as a field in /var/log/setuid.* would achieve this end. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3A84582E.3000702>