Date: Mon, 24 Feb 1997 22:36:40 +0100
From: Eivind Eklund <eivind@dimaga.com>
To: "Jordan K. Hubbard" <jkh@time.cdrom.com>
Cc: Warner Losh <imp@village.org>, Julian Elischer <julian@whistle.com>, Adrian Chadd <adrian@obiwan.aceonline.com.au>, Jake Hamby <jehamby@lightside.com>, hackers@freebsd.org, auditors@freebsd.org
Subject: Re: disallow setuid root shells?
Message-ID: <3.0.32.19970224223639.00b243d0@dimaga.com>
At 01:22 PM 2/24/97 -0800, Jordan K. Hubbard wrote:
>> I think that I like this better. There are many people that use a
>> setuid/setgid shell program to allow access to other programs on the
>> system. At least this was true before sudo and friends.
>
>I could also live with this. I have thought a bit more about
>supporting the exit-on-suid shell hack, and I have to also agree with
>some of the folks who point out that it really *would* violate POLA
>and veer dangerously close to just breaking something in support of
>arbitrary principles rather than good engineering. Feh. This is
>clearly one of those issues with lots of pros-and-cons on either
>side. :-)
>
>How about if we be conservative and just add logging for now? :-)

I actually think logging could be much more effective than just exiting -
with logging (especially remote logging) you'd actually have a trace of how
the intruder got in, and standard exploits would probably still use /bin/sh
to give a root shell (they're usually made to demonstrate a point, not to
create good intruder tools). Any luser that uses a standard exploit will end
up in the log file on another host *grin*.

I'd really like it to log the remote address for the session if available -
nice to have for a later manhunt...

Eivind Eklund perhaps@yes.no http://maybe.yes.no/perhaps/ eivind@freebsd.org