From owner-freebsd-security Tue Jun 1 22:47:31 1999
Delivered-To: freebsd-security@freebsd.org
Received: from ewok.creative.net.au (ewok.creative.net.au [203.30.44.41]) by hub.freebsd.org (Postfix) with SMTP id 0C56114C82 for ; Tue, 1 Jun 1999 22:47:26 -0700 (PDT) (envelope-from adrian@freebsd.org)
Received: (qmail 12311 invoked by uid 1008); 2 Jun 1999 05:47:24 -0000
Message-ID: <19990602054724.12309.qmail@ewok.creative.net.au>
From: adrian@freebsd.org
To: Andrew Kenneth Milton
Cc: freebsd-security@freebsd.org
Subject: Re: Shell Account system
In-reply-to: Your message of "Wed, 02 Jun 1999 11:47:27 +1000." <199906020147.LAA21482@mail.theinternet.com.au>
Date: Wed, 02 Jun 1999 13:47:23 +0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Andrew Kenneth Milton writes:
>+----[ Bruce Campbell ]---------------------------------------------
>| On Tue, 1 Jun 1999, Cain wrote:
>|
>| > In addition to tripwire, monitor the existence of all SUID programs, when
>| > new ones appear make sure you know about it. BTW, ircd is usually SUID, so
>| > if a user of yours sets that up it's normal. But then how do you know a
>| > hacker just hasn't named his root shell ircd... so monitor the sizes of
>| > new SUID programs
>|
>| Possibly putting my foot in my mouth here, but *why* would ircd need to be
>| SUID to anyone? It commonly runs at the high ports (6667) and thus does
>| not need root for that.
>|
>| If you want a specific ircd user to run ircd (either by script or by
>| respawning from init), I don't see a need for the ircd binary to be SUID
>| to anyone (executable only by that user yes, SUID no)
>|
>| Or am I missing something here?
>
>It's normally suid because the conf files are readable only by the
>'owner' -- it's also suid to limit the damage you can do, normally
>you setup an 'irc' account and make it suid that.

I'm going to look at phk's jail stuff soon in application for a shell server,
but right now, the king shell server I ran has /usr/home, /tmp (which is also
/var/tmp) mounted noexec, nosuid, nosgid.

The worst thing in the world you can ever do is allow users to compile/run
their own binaries.

If a user wants something installed, then I'll damn well compile it and
install it for *all* to use.

Adrian