Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 4 Oct 2000 17:13:59 -0700 (PDT)
From:      Dima Dorfman <dima@unixfreak.org>
To:        Kris Kennaway <kris@FreeBSD.org>
Cc:        Garrett Wollman <wollman@khavrinen.lcs.mit.edu>, Kris Kennaway <kris@FreeBSD.ORG>, Dima Dorfman <dima@unixfreak.org>, Alfred Perlstein <bright@wintelcom.net>, Mike Silbersack <silby@silby.com>, security@FreeBSD.ORG
Subject:   Re: BSD chpass (fwd)
Message-ID:  <20001005001359.835C11F0A@static.unixfreak.org>
In-Reply-To: <20001004121701.C73561@freefall.freebsd.org> from Kris Kennaway at "Oct 4, 2000 12:17:01 pm"
next in thread | previous in thread | raw e-mail | index | archive | help 
> On Wed, Oct 04, 2000 at 10:47:15AM -0400, Garrett Wollman wrote:
> > <<On Wed, 4 Oct 2000 02:32:49 -0700, Kris Kennaway <kris@FreeBSD.ORG> said:
> > 
> > > I think you're right. Which is a good reason why your /usr/bin should
> > > be schg too ;-)
> > 
> > Actually, sappnd on all the directories which might be in (or on the
> > way to) root's path would be enough.
> 
> Except you can still just mount a doctored copy over the top of it
> :-)

Actually, now that I think about it, this can be detered to a certain
point.  If you're running with securelevel >= 2, you can't load KLDs,
and you can't run newfs.  What would you mount?  A vn device?  Nope,
unless the KLD is already loaded.  A floppy?  If you have physical
access, you have better alternatives.  You'd probably have to unmount
another live filesystem and mount it in that place.  Depending on what
it is, you may have to erase some files on it, which isn't something
which would go unnoticed by the admin.  Then you have MFS and md, but
those may not be in the kernel (and again, no KLDs).  Maybe NFS.  What
else?

-- 
Dima Dorfman <dima@unixfreak.org>
Finger dima@unixfreak.org for my public PGP key.

"Don't talk about yourself, it will be done when you leave."
	-- Wilson Mizner


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001005001359.835C11F0A>