Date:      Fri, 24 Mar 2000 20:38:18 -0700
From:      Warner Losh <imp@village.org>
To:        Brian Somers <brian@Awfulhak.org>
Cc:        security@FreeBSD.ORG
Subject:   Re: New article 
Message-ID:  <200003250338.UAA59319@harmony.village.org>
In-Reply-To: Your message of "Fri, 24 Mar 2000 12:36:12 GMT." <200003241236.MAA02043@hak.lan.Awfulhak.org> 
References:  <200003241236.MAA02043@hak.lan.Awfulhak.org>  

In message <200003241236.MAA02043@hak.lan.Awfulhak.org> Brian Somers writes:
: The same should be done to the directory itself.  Ditto for /bin, 
: /usr/bin, /sbin, /usr/sbin etc - in fact, anything that's in root's 
: path.

And /usr/lib, and all the files in the above directories (since they
can still be changed via hard links).  And all the config files that
are in /etc or /usr/local/etc.  Anything that is touched before the
security level is raised needs to be protected as well.  Don't forget
all modules.  Oh, /usr/local/sbin also appears in the default path.
Directories created under the /usr/local mount point might be a good
way to drive a wedge in.  Also under /usr to a lesser extent.
ccdconfig is run if /etc/ccd.conf exists, but the path has it first,
so it isn't too bad.  /etc/rc.conf and /etc/defaults/rc.conf are good
ones to attack as well.  Well, all the /etc/rc* files.

If one could create a /sbin/rpc.umntall, then it would be run instead
of rpc.umntall.  Well, there are others too.

: And what about /etc/{*passwd,*pwd.db} ?  Methinks this is a large 
: can of worms !

Can't do those and still expect users to be able to change their
passwords.

Big big can of words...

Warner
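
An added example, not part of the original message: a Python audit that reports which directories and regular files in the locations named in this thread lack the system-immutable (schg) flag, and notes files with extra hard links. The function names and the `DEFAULT_DIRS` list are assumptions for illustration; it reads `st_flags`, which FreeBSD provides, and treats the flag as absent on platforms without it.

```python
import os
import stat

# Assumed audit set: directories named in the thread (not an exhaustive list).
DEFAULT_DIRS = ["/bin", "/sbin", "/usr/bin", "/usr/sbin", "/usr/lib",
                "/usr/local/sbin", "/etc", "/usr/local/etc"]


def lstat_flags(path):
    """Return BSD file flags for path (0 where the platform has no st_flags)."""
    return getattr(os.lstat(path), "st_flags", 0)


def audit(dirs, get_flags=lstat_flags):
    """Return (path, reason) findings for entries lacking the schg flag.

    A directory without schg still accepts new entries; a regular file
    without schg can still be modified or replaced.
    """
    findings = []
    for d in dirs:
        if not os.path.isdir(d):
            continue  # skip locations that do not exist on this host
        if not get_flags(d) & stat.SF_IMMUTABLE:
            findings.append((d, "directory not schg"))
        for name in sorted(os.listdir(d)):
            p = os.path.join(d, name)
            st = os.lstat(p)
            if not stat.S_ISREG(st.st_mode):
                continue  # only regular files are checked here
            if not get_flags(p) & stat.SF_IMMUTABLE:
                reason = "file not schg"
                if st.st_nlink > 1:
                    # Same inode is reachable under another name.
                    reason += " (has %d hard links)" % st.st_nlink
                findings.append((p, reason))
    return findings


if __name__ == "__main__":
    for path, reason in audit(DEFAULT_DIRS):
        print("%-40s %s" % (path, reason))
```

Entries such as the password databases will show up in the report for /etc; as the message says, those cannot be flagged if users are to change their passwords.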

