From owner-freebsd-security Wed May 10 14:55: 0 2000
Delivered-To: freebsd-security@freebsd.org
Received: from vuurwerk.nl (envy.vuurwerk.nl [194.178.232.112])
	by hub.freebsd.org (Postfix) with SMTP id 210C337B996
	for ; Wed, 10 May 2000 14:54:53 -0700 (PDT)
	(envelope-from petervd@vuurwerk.nl)
Received: (qmail 19647 invoked from network); 10 May 2000 21:54:49 -0000
Received: from kesteren.vuurwerk.nl (HELO vuurwerk.nl) (194.178.232.59)
	by envy.vuurwerk.nl with SMTP; 10 May 2000 21:54:49 -0000
Received: (qmail 55365 invoked by uid 11109); 10 May 2000 21:54:49 -0000
Mail-Followup-To: security@freebsd.org
Date: Wed, 10 May 2000 23:54:49 +0200
From: Peter van Dijk
To: security@freebsd.org
Subject: Re: envy.vuurwerk.nl daily run output
Message-ID: <20000510235449.D50484@vuurwerk.nl>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: ; from silby@silby.com on Wed, May 10, 2000 at 04:42:54PM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, May 10, 2000 at 04:42:54PM -0500, Mike Silbersack wrote:
[snip]
>
> In the long term, perhaps having a central database of all the public keys
> on the system instead of authorized_keys is the correct answer. In the
> meantime, I think some thought should be put to the issue of watching
> root's authorized_keys - if someone can find a way to cause some root
> running daemon (say, mysql) to create an arbitrary authorized_keys, you'd
> never see it happen in the security logs.

Have a look at http://www.dataloss.net/papers/how.defaced.apache.org.txt to
see how real the threat of a root-mysql is ;)

Greetz, Peter.
-- 
Powered by WUT? - Peter van Dijk [student:sysadmin:developer:madly in love]
| `Yes, this was actually a hack and not
| (petervd@|www.)vuurwerk.nl | a script kiddie clicking a mouse button.'
| www.dataloss.net | - hackernews.com, commenting on the apache.org deface
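
Added example, not part of the original message or of FreeBSD's own scripts: one way to get the "watching root's authorized_keys" behaviour discussed above is to keep a baseline copy of each key file and report any difference on every run, so the change shows up in the mailed run output. The function name, the baseline directory and the file paths in the usage comment are assumptions.

```shell
#!/bin/sh
# check_authkeys BASELINE_DIR FILE...
# Compares each FILE with the copy saved on the previous run and prints a
# report of new, changed and removed files. Exit status: 0 = no change,
# 1 = at least one change, 2 = baseline directory unusable.
# BASELINE_DIR is assumed to be a root-owned directory other users cannot
# write to; otherwise the baseline itself could be altered.
# The body runs in a subshell so umask and variables do not leak.
check_authkeys() (
    basedir=$1; shift
    changed=0
    umask 077
    mkdir -p "$basedir" || exit 2
    for f in "$@"; do
        # Flatten the path into one baseline file name (/ becomes _).
        saved="$basedir/$(printf '%s' "$f" | tr '/' '_')"
        if [ -f "$f" ] && [ ! -f "$saved" ]; then
            # First sighting: list every key so it can be reviewed.
            echo "NEW: $f"
            sed 's/^/+ /' "$f"
            changed=1
        elif [ -f "$f" ] && ! cmp -s "$saved" "$f"; then
            # Show only the lines that were removed (<) or added (>).
            echo "CHANGED: $f"
            diff "$saved" "$f" | grep '^[<>]'
            changed=1
        elif [ ! -f "$f" ] && [ -f "$saved" ]; then
            echo "REMOVED: $f"
            rm -f "$saved"
            changed=1
        fi
        # Refresh the baseline so each change is reported once.
        if [ -f "$f" ]; then cp "$f" "$saved"; fi
    done
    exit "$changed"
)

# Usage from a daily job (paths are assumptions):
#   check_authkeys /var/db/authkeys-baseline /root/.ssh/authorized_keys
```

A key file written by a daemon running as root leaves no login-time trace, but it does differ from the saved copy, so the next run reports the added line.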