Date: Sun, 5 Jul 1998 22:06:51 +0000 From: Niall Smart <rotel@indigo.ie> To: andrew@squiz.co.nz (Andrew McNaughton), security@FreeBSD.ORG Subject: Re: bsd securelevel patch question Message-ID: <199807052106.WAA04694@indigo.ie> In-Reply-To: andrew@squiz.co.nz (Andrew McNaughton) "Re: bsd securelevel patch question" (Jul 3, 4:26am)
next in thread | raw e-mail | index | archive | help
On Jul 3, 4:26am, Andrew McNaughton wrote: } Subject: Re: bsd securelevel patch question > >Eh? If ssh/smtp/inetd bind to the port you won't be able to, no > >matter how often you try. > > Unless the server is restarted for some reason. hence the rapid cron job > which will eventually succeed if not detected first. Well, this should be detected, and is easily detectable. > >And you won't be able to steal keys > >by hijacking sshd. > > If the trojan gets to tell the other end what public key to use, then of > course it can get at the data stream. This is equally true with > routing/man-in-the-middle attacks. Yes, you could get at the data stream, but thats an implication of having a network service compromised, you can't get the keys though; but you probably don't care at that stage. > I don't know enough about TCP/IP details to know if this makes sense, but > perhaps you could use these as more than just flags and allow programmers > to bind to the socket by just opening the appropriate device file. ie > > #!/usr/local/bin/perl > open (SMTP, "</dev/socket/tcp/25"); portalfs does something very similar to this AFAIK. Niall -- Niall Smart. PGP: finger njs3@motmot.doc.ic.ac.uk FreeBSD: Turning PC's into Workstations: www.freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807052106.WAA04694>