Subject: Re: BSD chpass (fwd)
From: Dima Dorfman (dimaunixfreak.org)
Date: Wed Oct 04 2000 - 19:13:59 CDT


> On Wed, Oct 04, 2000 at 10:47:15AM -0400, Garrett Wollman wrote:
> > <<On Wed, 4 Oct 2000 02:32:49 -0700, Kris Kennaway <krisFreeBSD.ORG> said:
> >
> > > I think you're right. Which is a good reason why your /usr/bin should
> > > be schg too ;-)
> >
> > Actually, sappnd on all the directories which might be in (or on the
> > way to) root's path would be enough.
>
> Except you can still just mount a doctored copy over the top of it
> :-)

Actually, now that I think about it, this can be deterred to a certain
point. If you're running with securelevel >= 2, you can't load KLDs,
and you can't run newfs. What would you mount? A vn device? Nope,
unless the KLD is already loaded. A floppy? If you have physical
access, you have better alternatives. You'd probably have to unmount
another live filesystem and mount it in that place. Depending on what
it is, you may have to erase some files on it, which isn't something
which would go unnoticed by the admin. Then you have MFS and md, but
those may not be in the kernel (and again, no KLDs). Maybe NFS. What
else?

-- 
Dima Dorfman <dimaunixfreak.org>
Finger dimaunixfreak.org for my public PGP key.

"Don't talk about yourself, it will be done when you leave." -- Wilson Mizner
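
An added example, not part of the original message: a defender-side check for the shadowing mount discussed in this thread. It parses FreeBSD `mount` output and reports any filesystem mounted on or above a directory in root's path whose source does not match a recorded baseline. The sample output, the `PROTECTED` list and the `BASELINE` mapping are constructed assumptions.

```python
import re

# FreeBSD `mount` prints lines such as "/dev/ad0s1a on / (ufs, local)".
MOUNT_RE = re.compile(r"^(?P<src>\S+) on (?P<mp>\S+) \((?P<opts>[^)]*)\)$")

# Assumption: directories in root's PATH on this host; adjust per system.
PROTECTED = ["/bin", "/sbin", "/usr/bin", "/usr/sbin"]

# Constructed sample: the last line is an NFS export mounted over /usr/bin.
SAMPLE = """\
/dev/ad0s1a on / (ufs, local)
/dev/ad0s1f on /usr (ufs, local, soft-updates)
/dev/ad0s1e on /var (ufs, local, soft-updates)
procfs on /proc (procfs, local)
fileserver:/export/bin on /usr/bin (nfs)
"""
# Assumption: mount point -> source recorded when the host was known good.
BASELINE = {"/": "/dev/ad0s1a", "/usr": "/dev/ad0s1f"}

def parse_mounts(text):
    """Return (source, mount_point, fstype) tuples in mount order."""
    mounts = []
    for line in text.splitlines():
        m = MOUNT_RE.match(line.strip())
        if m:
            fstype = m.group("opts").split(",")[0].strip()
            mounts.append((m.group("src"), m.group("mp"), fstype))
    return mounts

def audit(text, baseline, protected=PROTECTED):
    """Flag stacked mounts and unexpected mounts covering a protected dir."""
    findings, seen = [], set()
    for src, mp, fstype in parse_mounts(text):
        if mp in seen:
            findings.append(f"stacked mount on {mp}: {src} ({fstype})")
        seen.add(mp)
        prefix = mp.rstrip("/") + "/"
        covers = [d for d in protected if d == mp or d.startswith(prefix)]
        if covers and baseline.get(mp) != src:
            findings.append(
                f"unexpected {fstype} mount {src} on {mp} covers {', '.join(covers)}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, BASELINE):
        print(finding)
```

The baseline comparison also catches the case raised in the message where an existing filesystem is unmounted and a different one is mounted in its place, because the source for that mount point no longer matches.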