Date: Tue, 13 Jul 1999 10:23:04 -0700 (PDT)
From: Matthew Dillon
Message-Id: <199907131723.KAA79286@apollo.backplane.com>
To: Robert Watson
Cc: Doug Rabson, Mark Newton, Mike Tancsa, security@FreeBSD.ORG, stable@FreeBSD.ORG
Subject: Re: 3.x backdoor rootshell security hole

:>
:> Hmm. Shouldn't we protect the contents of /boot with the schg flag?
:
:Ideally some of the directories themselves, as well as /boot, parts of
:/etc large parts of /sbin and /bin (including sh, as that gets run in
:single-user mode)... My feeling is we should maintain a list, but not
:ship that way as it would be irritating for most of the world. At one
:point I had a script that did some of the work, but currently due to file
:layout and the way we do config files, you end up with a fairly hobbled
:machine. Which is, of course, the idea. :-) I think security(8) (?)
:discusses a fair amount of this stuff.
:
: Robert N M Watson
:
:robert@fledge.watson.org http://www.watson.org/~robert/

    Anyone serious enough and paranoid enough simply mounts / and /usr
    read-only, then bumps the security level up.

                                        -Matt
                                        Matthew Dillon
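An added example, not part of the original message or of FreeBSD itself: a POSIX sh audit that checks whether an fstab mounts / and /usr read-only and whether rc.conf raises the securelevel at boot through the `kern_securelevel_enable` and `kern_securelevel` knobs. The function names, the sample files and the "level >= 1" threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit fstab/rc.conf for "/ and /usr read-only, securelevel raised".
# Function names and the ">= 1" threshold are assumptions of this example.
# fstab_mode FSTAB MOUNTPOINT -> "ro", "rw" (the fstab default) or "missing"
fstab_mode() {
    awk -v mp="$2" '
        $1 ~ /^#/ || NF < 4 { next }
        $2 == mp {
            mode = "rw"; n = split($4, opt, ",")
            for (i = 1; i <= n; i++) if (opt[i] == "ro") mode = "ro"
            print mode; found = 1; exit
        }
        END { if (!found) print "missing" }' "$1"
}

# rc_value FILE KEY -> last value assigned to KEY, quotes stripped (file is not sourced)
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# audit FSTAB RCCONF -> one finding per line; returns 1 if any check fails
audit() {
    fail=0
    for mp in / /usr; do
        mode=$(fstab_mode "$1" "$mp")
        # No separate /usr entry means /usr lives on / and inherits its mode.
        if [ "$mode" = missing ] && [ "$mp" != / ]; then mode=$(fstab_mode "$1" /); fi
        if [ "$mode" = ro ]; then echo "OK   $mp read-only"
        else echo "FAIL $mp is $mode"; fail=1; fi
    done
    level=$(rc_value "$2" kern_securelevel)
    case "$(rc_value "$2" kern_securelevel_enable)" in
        [Yy][Ee][Ss]) ;;
        *) level="" ;;   # the level is only raised when the enable knob is YES
    esac
    if [ "${level:-0}" -ge 1 ] 2>/dev/null; then echo "OK   securelevel $level at boot"
    else echo "FAIL securelevel not raised at boot"; fail=1; fi
    return $fail
}

# Constructed sample input: / is read-only but /usr is still writable.
demo() {
    demo_dir=$(mktemp -d)
    printf '%s\n' '/dev/da0s1a / ufs ro 1 1' '/dev/da0s1f /usr ufs rw 2 2' > "$demo_dir/fstab"
    printf '%s\n' 'kern_securelevel_enable="YES"' 'kern_securelevel="2"' > "$demo_dir/rc.conf"
    audit "$demo_dir/fstab" "$demo_dir/rc.conf"; r=$?
    rm -rf "$demo_dir"; return $r
}
demo || true
```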