From owner-freebsd-security Fri Mar 24 19:38:45 2000
Message-Id: <200003250338.UAA59319@harmony.village.org>
To: Brian Somers
Subject: Re: New article
Cc: security@FreeBSD.ORG
In-reply-to: Your message of "Fri, 24 Mar 2000 12:36:12 GMT." <200003241236.MAA02043@hak.lan.Awfulhak.org>
References: <200003241236.MAA02043@hak.lan.Awfulhak.org>
Date: Fri, 24 Mar 2000 20:38:18 -0700
From: Warner Losh
Sender: owner-freebsd-security@FreeBSD.ORG

In message <200003241236.MAA02043@hak.lan.Awfulhak.org> Brian Somers writes:
: The same should be done to the directory itself. Ditto for /bin,
: /usr/bin, /sbin, /usr/sbin etc - in fact, anything that's in root's
: path.

And /usr/lib, and all the files in the above directories (since they
can still be changed via hard links). And all the config files that
are in /etc or /usr/local/etc. Anything that is touched before the
security level is raised needs to be protected as well. Don't forget
all modules.

Oh, /usr/local/sbin also appears in the default path. Directories
created under the /usr/local mount point might be a good way to drive a
wedge in. Also under /usr to a lesser extent. ccdconfig is run if
/etc/ccd.conf exists, but the path has it first, so it isn't too bad.
/etc/rc.conf and /etc/defaults/rc.conf are good ones to attack as
well. Well, all the /etc/rc* files.

If one could create a /sbin/rpc.umntall, then it would be run instead
of rpc.umntall. Well, there are others too.

: And what about /etc/{*passwd,*pwd.db} ? Methinks this is a large
: can of worms !

Can't do those and still expect users to be able to change their
passwords. Big big can of worms...

Warner
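
An added example, not part of the original message: a small audit that walks the directories named in this thread and reports every directory or regular file that lacks the system immutable (schg) flag, plus any listed path that does not exist yet. It assumes a BSD-family system where `st_flags` is available; the names `BOOT_PATHS`, `is_schg` and `audit` are illustrative.

```python
import os
import stat
import sys

# Directories named in the thread; extend with your kernel module directory.
BOOT_PATHS = ["/bin", "/sbin", "/usr/bin", "/usr/sbin", "/usr/local/sbin",
              "/usr/lib", "/etc", "/usr/local/etc"]


def is_schg(st):
    # st_flags exists only on BSD-family systems; treat its absence as "not set".
    return bool(getattr(st, "st_flags", 0) & stat.SF_IMMUTABLE)


def audit(roots, lstat=os.lstat, listdir=os.listdir):
    """Return sorted (path, problem) pairs for everything under roots lacking schg."""
    findings, stack = [], list(roots)
    while stack:
        path = stack.pop()
        try:
            st = lstat(path)
        except OSError:
            # An absent path can be created later unless its parent is schg.
            findings.append((path, "absent"))
            continue
        if stat.S_ISDIR(st.st_mode):
            if not is_schg(st):
                # New entries can still be added to or removed from this directory.
                findings.append((path, "directory not schg"))
            try:
                names = listdir(path)
            except OSError:
                names = []
            stack.extend(os.path.join(path, n) for n in names)
        elif stat.S_ISREG(st.st_mode) and not is_schg(st):
            findings.append((path, "file not schg"))
    return sorted(findings)


if __name__ == "__main__":
    for path, problem in audit(sys.argv[1:] or BOOT_PATHS):
        print(f"{problem}: {path}")
```

Symbolic links are not followed, so a link that points outside the audited trees has to be audited at its target.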