Date: Tue, 25 Feb 1997 09:38:06 +0900 (JST) From: Michael Hancock <michaelh@cet.co.jp> To: Terry Lambert <terry@lambert.org> Cc: FreeBSD Hackers <Hackers@FreeBSD.ORG> Subject: Immutable files, a false sense of security (Re: disabling setuid , sh/csh) Message-ID: <Pine.SV4.3.95.970225092458.8264B-100000@parkplace.cet.co.jp> In-Reply-To: <199702242120.OAA25018@phaeton.artisoft.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 24 Feb 1997, Terry Lambert wrote: > If you were serious, you'd set all suid files to be immutable except > in single user mode, and all non-suid executables that run as root > from inetd or cron or whatever, etc.. There's no switch exported to the sys admin as in BSDI, NETBSD, and OPENBSD, so you would need to modify the source to use it. It gives a false sense of security according to few people on this list. Has anyone tried hacking a system in "secure" mode via something like /dev/io? I wonder how much of a speed bump it would present to an attacker. > You might even want to attribute files so that the only files that > had the "can execute" attribute bit are those which were set that > way after close by the linker (which would have to be suid to do > the job). > > If you were paranoid, any command that could ever be even potentially > run by root would need to be immutable as well, since it could write > a password entry or startup yp to allow remote password exposure... etc.. > > Better to just burn your whole system onto ROM, I suppose... Regards, Mike Hancock
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SV4.3.95.970225092458.8264B-100000>