From: Robert Watson
Date: Wed, 1 Mar 2000 21:07:21 -0500 (EST)
To: Warner Losh
Cc: Andrey Novikov, freebsd-security@FreeBSD.ORG
Subject: Re: schg flag

On Wed, 1 Mar 2000, Warner Losh wrote:

> In message <00022921443000.05868@novikov.web2000.ru> Andrey Novikov writes:
> : Hello,
> :
> : It seems to me that it will be more secure for my
> : public server to say at least:
> :
> : chflags schg /bin/*
> : chflags schg /sbin/*
> : chflags schg /usr/bin/*
> : chflags schg /usr/sbin/*
> : chflags schg /usr/local/bin/*
> : chflags schg /usr/local/sbin/*
> :
> : to prevent any trojans in my system binaries, am I wrong?
>
> It will make them much less likely to happen, but you've forgotten all
> the /etc/rc* scripts, which can be used to drive a trojan truck
> through the secure level stuff.

As well as /boot, /modules, etc. Today's system is really not intended to survive root compromise. The best bet is to use 4.0, and stuff all your nasty-users in jail(). Optionally with all but a writable component of the jail mounted from a read-only file system. Ideally, once we have mandatory access control, integrity-based MAC could be used to protect in the event of compromise.
(I'm just waiting for us to allow multiple mounts of a read-only file system in multiple places, currently unsupported...)

Robert N M Watson
robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services
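An added example, not part of the original message or of FreeBSD itself: a coverage check for the approach discussed in this thread. It lists every path under the quoted chflags targets, plus the locations the replies point out (/etc/rc*, /boot, /modules), that does not carry the system-immutable flag. The pattern list and the function names are assumptions made for illustration.

```python
import glob
import os
import stat

# Assumed pattern list: the six chflags targets quoted in the thread, plus
# the locations the replies point out as missing (/etc/rc*, /boot, /modules).
PATTERNS = [
    "/bin/*", "/sbin/*", "/usr/bin/*", "/usr/sbin/*",
    "/usr/local/bin/*", "/usr/local/sbin/*",
    "/etc/rc*", "/boot", "/modules",
]


def has_schg(st):
    """True if a stat result carries the system-immutable (schg) flag."""
    # st_flags exists only on BSD-derived systems; elsewhere report "not set".
    return bool(getattr(st, "st_flags", 0) & stat.SF_IMMUTABLE)


def expand(patterns):
    """Yield every path matched by the globs, descending into directories."""
    for pattern in patterns:
        for path in sorted(glob.glob(pattern)):
            yield path
            if os.path.isdir(path) and not os.path.islink(path):
                for root, dirs, files in os.walk(path):
                    for name in sorted(dirs + files):
                        yield os.path.join(root, name)


def missing_schg(patterns=PATTERNS):
    """Return the sorted paths under `patterns` that lack the schg flag."""
    missing = set()
    for path in expand(patterns):
        try:
            st = os.stat(path)  # follows symlinks: the target's flags count
        except OSError:
            continue  # dangling symlink or a path removed mid-scan
        if not has_schg(st):
            missing.add(path)
    return sorted(missing)


if __name__ == "__main__":
    for path in missing_schg():
        print("no schg:", path)
```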