Date: Mon, 24 Feb 1997 18:38:44 -0700
From: Warner Losh <imp@village.org>
To: "Matthew N. Dodd" <winter@jurai.net>
Cc: Nate Johnson <nate@ncsu.edu>, Julian Elischer <julian@whistle.com>, adrian@obiwan.aceonline.com.au, jehamby@lightside.com, hackers@freebsd.org, auditors@freebsd.org
Subject: Re: disallow setuid root shells?
Message-ID: <E0vzBqu-0005Sc-00@rover.village.org>
In-Reply-To: Your message of "Mon, 24 Feb 1997 20:14:15 EST." <Pine.BSI.3.95.970224201136.12054F-100000@sasami.jurai.net>
References: <Pine.BSI.3.95.970224201136.12054F-100000@sasami.jurai.net>

In message <Pine.BSI.3.95.970224201136.12054F-100000@sasami.jurai.net> "Matthew N. Dodd" writes:
: On Mon, 24 Feb 1997, Nate Johnson wrote:
: > %well the security audit should pick up any new suid files each night,
: > Except the case where the hacker truly knows what they're doing, in which
: > case, the security audit will be worthless. root can modify any files he
: > wants, including the database used to compare suid files against. =(
:
: Tripwire suggests storing the file signature database on a hardware
: protected read only device. Say a SCSI drive with WP on.
:
: I'm not that paranoid so running in secure level 1 with the database set
: schg is good enough for me.

Our next router will boot off a floppy drive and will log to another
system. The floppy will be write protected. Only console logins will
be allowed. We'll likely run at security level 2 once we come up, if
the dynamic interfaces we have on the router will allow that.

Warner
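
The nightly audit discussed in this thread, sketched as an added example (not code from the message or from FreeBSD): it lists setuid/setgid files and reports any that are absent from a baseline, failing closed when the baseline cannot be read. The function names `list_suid` and `suid_audit` and the two-argument usage are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: setuid/setgid audit against a stored baseline.
# Function names and arguments are hypothetical, not from the thread.

# Print every regular file under $1 that has the setuid or setgid bit set,
# one path per line, sorted bytewise so comm(1) can consume the result.
list_suid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        LC_ALL=C sort
}

# Compare the current setuid/setgid files under $1 with the baseline in $2.
# Prints paths that are new since the baseline was taken.
# Returns 0 when nothing is new, 1 when new files were found, and 2 when
# the baseline is unreadable: a missing database is not a clean result.
suid_audit() {
    root=$1
    baseline=$2
    [ -r "$baseline" ] || { echo "baseline $baseline unreadable" >&2; return 2; }
    current=$(mktemp) || return 2
    list_suid "$root" > "$current"
    # comm -13 keeps only lines unique to the second input (the current list).
    new=$(LC_ALL=C sort "$baseline" | LC_ALL=C comm -13 - "$current")
    rm -f "$current"
    [ -z "$new" ] && return 0
    printf '%s\n' "$new"
    return 1
}

# Stand-alone use: suid_audit.sh ROOT BASELINE
if [ "$#" -eq 2 ]; then
    suid_audit "$1" "$2"
fi
```

The result is only as trustworthy as the baseline file, which is the point raised in the quoted text: keep it on write-protected media, or on FreeBSD mark it with `chflags schg` and run at securelevel 1 or higher so the flag cannot be cleared.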