Date: Tue, 25 Feb 1997 06:43:34 +0800 (WST) From: Adrian Chadd <adrian@cougar.aceonline.com.au> To: Nate Johnson <nate@ncsu.edu> Cc: Julian Elischer <julian@whistle.com>, jehamby@lightside.com, hackers@freebsd.org, auditors@freebsd.org Subject: Re: disallow setuid root shells? Message-ID: <Pine.LNX.3.93.970225064152.11428A-100000@cougar.aceonline.com.au> In-Reply-To: <9702242229.AA03727@biohazard.csc.ncsu.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 24 Feb 1997, Nate Johnson wrote: > %well the security audit should pick up any new suid files each night, > > Except the case where the hacker truly knows what they're doing, in which > case, the security audit will be worthless. root can modify any files he > wants, including the database used to compare suid files against. =( > An extension of what I said before - what about logging ALL setuid programs? And not in the program source (of course), but in the kernel? Tis just an idea. Btw - yes I know adduser isn't suid, sorry, I just woke up .. now I've had my coffee things are clearer. :) Adrian Chadd <adrian@psinet.net.au>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.3.93.970225064152.11428A-100000>