200 messages in org.freebsd.freebsd-securityRe: securelevel (was: Re: security ho...| From | Sent On | Attachments |
|---|---|---|
| 100 earlier messages | ||
| Brian Buchanan | Jul 28, 1997 7:52 pm | |
| John Dowdal | Jul 28, 1997 8:29 pm | |
| Annelise Anderson | Jul 28, 1997 8:41 pm | |
| Nate Williams | Jul 28, 1997 9:09 pm | |
| Vincent Poy | Jul 28, 1997 9:12 pm | |
| Vincent Poy | Jul 28, 1997 9:15 pm | |
| Vincent Poy | Jul 28, 1997 9:19 pm | |
| Heikki Suonsivu | Jul 28, 1997 9:33 pm | |
| Jan Koum | Jul 28, 1997 9:39 pm | |
| Vincent Poy | Jul 28, 1997 9:49 pm | |
| Jordan K. Hubbard | Jul 28, 1997 10:05 pm | |
| Vincent Poy | Jul 28, 1997 10:14 pm | |
| Gary Palmer | Jul 28, 1997 10:27 pm | |
| Gary Palmer | Jul 28, 1997 10:28 pm | |
| Vincent Poy | Jul 28, 1997 10:35 pm | |
| Vincent Poy | Jul 28, 1997 10:37 pm | |
| John-David Childs | Jul 28, 1997 10:38 pm | |
| Gary Palmer | Jul 28, 1997 10:40 pm | |
| Vincent Poy | Jul 28, 1997 10:44 pm | |
| Gary Palmer | Jul 28, 1997 10:50 pm | |
| Vincent Poy | Jul 28, 1997 10:55 pm | |
| Jordan K. Hubbard | Jul 28, 1997 10:59 pm | |
| Vincent Poy | Jul 28, 1997 11:01 pm | |
| Jordan K. Hubbard | Jul 28, 1997 11:07 pm | |
| Jordan K. Hubbard | Jul 28, 1997 11:11 pm | |
| Jordan K. Hubbard | Jul 28, 1997 11:16 pm | |
| Sergei S. Laskavy | Jul 29, 1997 12:13 am | |
| John-David Childs | Jul 29, 1997 2:09 am | |
| Narvi | Jul 29, 1997 2:48 am | |
| Stephen D. Spencer | Jul 29, 1997 3:43 am | |
| Robert Watson | Jul 29, 1997 5:32 am | |
| Adam Shostack | Jul 29, 1997 5:49 am | |
| Robert Watson | Jul 29, 1997 6:39 am | |
| Nate Williams | Jul 29, 1997 7:19 am | |
| Rodney W. Grimes | Jul 29, 1997 8:58 am | |
| Warner Losh | Jul 29, 1997 9:25 am | |
| Warner Losh | Jul 29, 1997 9:34 am | |
| Christopher Petrilli | Jul 29, 1997 9:52 am | |
| Jim Shankland | Jul 29, 1997 9:57 am | |
| John Dowdal | Jul 29, 1997 10:50 am | |
| Poul-Henning Kamp | Jul 29, 1997 12:05 pm | |
| Bill Pechter | Jul 29, 1997 12:29 pm | |
| Matthew Hunt | Jul 29, 1997 12:37 pm | |
| Christopher Petrilli | Jul 29, 1997 12:43 pm | |
| [Mario1-] | Jul 29, 1997 1:07 pm | |
| Garrett Wollman | Jul 29, 1997 1:07 pm | |
| [Mario1-] | Jul 29, 1997 1:14 pm | |
| sth...@nethelp.no | Jul 29, 1997 1:39 pm | |
| Jordan K. Hubbard | Jul 29, 1997 2:23 pm | |
| Vincent Poy | Jul 29, 1997 2:45 pm | |
| Vincent Poy | Jul 29, 1997 2:57 pm | |
| Vincent Poy | Jul 29, 1997 3:02 pm | |
| sth...@nethelp.no | Jul 29, 1997 3:30 pm | |
| Rocco Lucia | Jul 29, 1997 3:33 pm | |
| Vincent Poy | Jul 29, 1997 3:44 pm | |
| Aaron Bornstein | Jul 29, 1997 3:44 pm | |
| Vincent Poy | Jul 29, 1997 3:54 pm | |
| Vincent Poy | Jul 29, 1997 4:00 pm | |
| Jay D. Nelson | Jul 29, 1997 5:29 pm | |
| Adam Shostack | Jul 29, 1997 6:06 pm | |
| Gary Schrock | Jul 29, 1997 6:10 pm | |
| Adam Shostack | Jul 29, 1997 6:11 pm | |
| Michael Smith | Jul 29, 1997 6:54 pm | |
| Jay D. Nelson | Jul 29, 1997 7:58 pm | |
| Jay D. Nelson | Jul 29, 1997 8:10 pm | |
| Michael Smith | Jul 29, 1997 8:25 pm | |
| Marco Molteni | Jul 30, 1997 5:04 am | |
| James Seng | Jul 30, 1997 5:31 am | |
| Alex G. Bulushev | Jul 30, 1997 5:59 am | |
| Vincent Poy | Jul 30, 1997 6:45 am | |
| Robert Watson | Jul 30, 1997 7:03 am | |
| Nate Williams | Jul 30, 1997 7:48 am | |
| Vincent Poy | Jul 30, 1997 7:54 am | |
| Nate Williams | Jul 30, 1997 8:06 am | |
| Nate Williams | Jul 30, 1997 8:13 am | |
| Vincent Poy | Jul 30, 1997 8:28 am | |
| Vincent Poy | Jul 30, 1997 8:33 am | |
| zoonie | Jul 30, 1997 9:09 am | |
| Poul-Henning Kamp | Jul 30, 1997 9:25 am | |
| Poul-Henning Kamp | Jul 30, 1997 9:31 am | |
| John-David Childs | Jul 30, 1997 10:17 am | |
| Ian Kallen | Jul 30, 1997 10:37 am | |
| Patrick Gilbert | Jul 30, 1997 11:43 am | |
| Jay D. Nelson | Jul 30, 1997 1:52 pm | |
| [Mario1-] | Jul 30, 1997 2:06 pm | |
| Jordan K. Hubbard | Jul 30, 1997 3:53 pm | |
| Jordan K. Hubbard | Jul 30, 1997 4:04 pm | |
| yossman | Jul 30, 1997 4:20 pm | |
| Jordan K. Hubbard | Jul 30, 1997 4:24 pm | |
| Peter Korsten | Jul 30, 1997 4:43 pm | |
| Michael Smith | Jul 30, 1997 8:01 pm | |
| Cy Schubert | Jul 30, 1997 9:10 pm | |
| FreeBSD Technical Reader | Jul 30, 1997 11:18 pm | |
| Marco Molteni | Jul 31, 1997 5:24 am | |
| yossman | Jul 31, 1997 9:00 am | |
| Adam Shostack | Jul 31, 1997 9:19 am | |
| Marc Slemko | Jul 31, 1997 11:23 am | |
| Andrew | Aug 1, 1997 10:00 pm | |
| Dmitry Kohmanyuk | Aug 1, 1997 10:32 pm | |
| Philippe Regnauld | Aug 2, 1997 1:46 pm | |
| Subject: | Re: securelevel (was: Re: security hole in FreeBSD) | |
|---|---|---|
| From: | Vincent Poy (vin...@mail.MCESTATE.COM) | |
| Date: | Jul 29, 1997 2:45:50 pm | |
| List: | org.freebsd.freebsd-security | |
On Tue, 29 Jul 1997, Robert Watson wrote:
=)On Mon, 28 Jul 1997, Vincent Poy wrote: =) =)> On Mon, 28 Jul 1997, Brian Buchanan wrote: =)> =)> =)Uh, that would defeat the purpose of securelevel. It's not supposed to be =)> =)possible to ever lower it, except when dropping into single-user mode, and =)> =)even allowing init to do so in that instance is risky IMHO - a few months =)> =)ago I reported a hole, which I believe was fixed, that made it possible to =)> =)lower the securelevel by attaching a debugger to init. Even though that's =)> =)plugged now, it's still possible that there's another way to fool the =)> =)kernel into thinking that process 1 is requesting that securelevel be =)> =)lowered. =)> =)> Anything is possible since nothing is unhackable. Would running =)> init at securelevel 2 and then have it reboot multi-user at a lower level =)> be possible? =) =)I disagree with the assertation that nothing is unhackable. My toaster is =)unhackable. :) Depending on how you define hack, of course. But in a =)similar vein: you say you have been carefully following the latest version =)releases, and patching all known bugs. That is not sufficient. A site =)needs a good security policy as well as patching known bugs. For example, =)you should have been using ssh the entire time, and have copied the public =)keys for the hosts to your client machine using sneaker-net. Sending any =)unencrypted data to/from a host, especially sensitive information like the =)root password, is an extremely bad idea.
You would think your toaster is unhackable. So is a Leica camera lens but they still have ways to hack it. Also, just for your information, the root password isn't even used that often. It is only used every time the machine boots up since I run screen and I am connected 24 x7 and reattach the screen session when necessary.
=)Similarly, careful analysis of the trust relationships between the =)machines and accounts on the machines is important -- constructing a bad =)DNS structure can invalidate your whole security design, as if DNS is =)corrupted, all the .rhosts stuff is vulnerable. Ideally, you would only =)use .rhosts in combination with SSH, and then make sure that the =)appropriate keys are in /etc/ssh_whatever, and deny connections that did =)not match the predefined keys of all hosts. Key distribution is one of =)the big downsides to SSH, but floppy disks can help here.
I was considering installing ssh but there is only one problem. I use Win95 from my own side at times for various reasons as well as the other remote admins. So a ssh client does cost money. We're volunteers and are not getting paid in any shape or form.
=)Applications like web servers may themselves represent no immediate or =)known security problems, but often-times web servers use third party CGI =)programs, available publicly in source, or written by a third party for =)the web server. Many web programs are notoriously sloppy (or ignorant), =)and this has not been helped by the release of a number of CGI programming =)books that haven't even touched on the issue of security. It has been =)shown time and time again that greater access for an attacker increases =)risk, and most CGI bugs allow shell access to the host, albeit as www or =)nobody. Even those are problematic. And once someone is in to the =)system, they can get around simple solutions like disabling inetd. In 15 =)seconds, I can compile and run a daemon that lets me back into an account =)on a higher port number, and unless you know your tools are good, and how =)to use them, you won't be able to tell. I certainly won't appear in the =)logs. :)
That's true but I am logged on 10 times also and you would only see me logged in for once idled 4 days when I wasn't even idle for 2 seconds. Those aren't in the logs either. That's why when this hacker was talking to jbhunt, he deleted netstat but I managed to get it from another machine and tracked him down and killed his connection. jbhunt was running a portscanner to check for any daemons running on a higher port number but didn't find any.
=)In the case of someone else's machine, you probably can't do anything to =)get rid of the CGI problems, so that really leaves you with just =)minimizing the risks in the OS. You've already touched on SUID programs =)-- as many as possible should be disabled. If you have console access, =)just disable root also, as you can login as root directly. Most programs =)do not require suid, if you don't mind administrating as root. Su'ing to =)root is clearly a risky activity, especially if you're logged in =)unencrypted. Setting a high secure-level, as well as mounting all file =)systems w/o setuid support, can make a big difference. Mount all file =)systems but root as nodev, and things should move along some also.
True but the problem is we wished we had console access. If we did, none of this would even happened I think.
Cheers, Vince - vin...@MCESTATE.COM - vin...@GAIANET.NET ________ __ ____ Unix Networking Operations - FreeBSD-Real Unix for Free / / / / | / |[__ ] GaiaNet Corporation - M & C Estate / / / / | / | __] ] Beverly Hills, California USA 90210 / / / / / |/ / | __] ] HongKong Stars/Gravis UltraSound Mailing Lists Admin /_/_/_/_/|___/|_|[____]