Date: Wed, 1 Mar 2000 21:07:21 -0500 (EST)
From: Robert Watson <robert@cyrus.watson.org>
To: Warner Losh <imp@village.org>
Cc: Andrey Novikov <scriber@webclub.ru>, freebsd-security@FreeBSD.ORG
Subject: Re: schg flag
Message-ID: <Pine.NEB.3.96L.1000301210317.53787D-100000@fledge.watson.org>
In-Reply-To: <200003012001.NAA96951@harmony.village.org>
On Wed, 1 Mar 2000, Warner Losh wrote:

> In message <00022921443000.05868@novikov.web2000.ru> Andrey Novikov writes:
> : Hello,
> :
> : It seems to me that it will be more secure for my
> : public server to say at least:
> :
> : chflags schg /bin/*
> : chflags schg /sbin/*
> : chflags schg /usr/bin/*
> : chflags schg /usr/sbin/*
> : chflags schg /usr/local/bin/*
> : chflags schg /usr/local/sbin/*
> :
> : to prevent any trojans in my system binaries, am I wrong?
>
> It will make that much less likely to happen, but you've forgotten all
> the /etc/rc* scripts, which can be used to drive a trojan truck
> through the secure level stuff.

As well as /boot, /modules, etc.

Today's system is really not intended to survive root compromise. The
best bet is to use 4.0, and stuff all your nasty-users in jail().
Optionally with all but a writable component of the jail mounted from a
read-only file system. Ideally, once we have mandatory access control,
integrity-based MAC could be used to protect in the event of compromise.
(I'm just waiting for us to allow multiple mounts of a read-only file
system in multiple places, currently unsupported...)

Robert N M Watson
robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services