On Mon, 12 Jul 1999, Doug Rabson wrote:
> On Mon, 12 Jul 1999, Robert Watson wrote:
> ...
> > In fact, if you have permission to modify the running kernel, you may have
> > more privilege than that of a root process, with securelevels.. :-) What
> > the THC posting is really about it hiding compromises on a machine that
> > has been compromised, and leaving backdoors. The title, "Attacking
> > FreeBSD..." is a little misleading, it's more about "Trojaning FreeBSD
> > Once You Already Have Absolute Control of a Machine". And these aren't
> > even very persistent: they have to be reloaded after each boot, meaning
> > changes to configuration files, etc, etc.
>
> Also if a site is running using securelevel, even root can't load files
> into the running kernel. The attacker would have to arrange to load the
> code during startup and reboot the box (a noticable event surely).
>
> Hmm. Shouldn't we protect the contents of /boot with the schg flag?
Ideally some of the directories themselves, as well as /boot, parts of
/etc large parts of /sbin and /bin (including sh, as that gets run in
single-user mode)... My feeling is we should maintain a list, but not
ship that way as it would be irritating for most of the world. At one
point I had a script that did some of the work, but currently due to file
layout and the way we do config files, you end up with a fairly hobbled
machine. Which is, of course, the idea. :-) I think security(8) (?)
discusses a fair amount of this stuff.
Robert N M Watson
[EMAIL PROTECTED] http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Computing Laboratory at Cambridge University
Safeport Network Services
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message
