Re: [linux-security] Re: Re: Re: Re: Bind Overrun Bug and Linux (fwd)
- From: Shaun <shaun lexicom ab ca>
- To: linux-security redhat com
- Subject: Re: [linux-security] Re: Re: Re: Re: Bind Overrun Bug and Linux (fwd)
- Date: Sun, 24 May 1998 12:11:15 -0600 (MDT)
> kernel to make the kernel panic when an ethernet device goes into
> promiscuous mode. Kind of like the James Bond theft-proof lotus, but it
> will definitely set off the alarms if you're hacked and they start up a
> sniffer that puts eth0 in promiscuous mode.
This is a good idea, but what happens if the machine is being put into
promiscuous mode for other reasons than to sniff? I run raw tcp/udp
loggers that require it, so it would not work that well.
> As an ISP, we used to give shell to all clients...but since most clients
> signing up today don't know what telnet is, we no longer give them shell
> access unless they ask for it. Many times, an intruder will get in after
> somehow sniffing a client's password from another network or social
> engineering. If the account they compromise doesn't have shell, it will
> at least slow them down if not seriously limit the damage they can do.
I think a policy of NO shell access is a wise step to take.
It takes away many risks, and many man hours of having to actually watch
over the system.
> Hmm...I could try reading the source...but isn't this a job for
> securelevel? Does the kernel currently support, via securelevel,
> prevention of module loading? It would be nice if you could load modules,
> then bump up securelevel, and no longer be able to. Some things can't be
> linked into the kernel.
>
> [mod: Securelevel is not properly enforced in 2.0.33. The word
> securelevel doesn't occur anywhere in the 2.1.102 kernel. -- REW]
I thought securelevel was not properly enforced in any development or
stable kernel. I know there have been patches put out, Phrack included
one in its most recent issue. Also, didn't Solar Designer include one in
his secure-linux set?
It would be nice if Linux just had a working securelevel system; it is
pointless using chattr to change flags on system files, as anyone with
root can just change them back. This demeans the whole idea of having to
boot into single user mode (which on most 4.4bsd based unixes, requires
you to have to be at the console) to change these flags.
Backup, and be safe.
PS, would someone with knowledge of *bsd securelevel systems please post
something regarding this topic.
Regards.
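
An added example, not part of the original message or of any kernel patch discussed in the thread: a userspace check that reports interfaces in promiscuous mode while exempting ones where it is expected, such as a host running raw tcp/udp loggers. It assumes a modern Linux kernel that exposes interface flags at /sys/class/net/<iface>/flags; the function names, the allowlist and the sample interfaces are constructed for illustration.

```python
import os
import tempfile

IFF_PROMISC = 0x100  # promiscuous bit in the interface flags, from <linux/if.h>


def promiscuous_interfaces(sysfs_net="/sys/class/net", allowed=()):
    """Return (alerts, expected): promiscuous interfaces split by the allowlist."""
    alerts, expected = [], []
    try:
        names = sorted(os.listdir(sysfs_net))
    except OSError:
        return alerts, expected  # no sysfs here (assumption: modern Linux only)
    for name in names:
        try:
            with open(os.path.join(sysfs_net, name, "flags")) as fh:
                flags = int(fh.read().strip(), 16)  # file holds e.g. "0x1103"
        except (OSError, ValueError):
            continue  # entry is not an interface directory, or is unreadable
        if flags & IFF_PROMISC:
            (expected if name in allowed else alerts).append(name)
    return alerts, expected


def build_sample_tree(root, flags_by_iface):
    """Write a constructed sysfs-like tree so the check can run offline."""
    for name, flags in flags_by_iface.items():
        os.makedirs(os.path.join(root, name))
        with open(os.path.join(root, name, "flags"), "w") as fh:
            fh.write("0x%x\n" % flags)


def demo():
    # Constructed sample: eth0 and eth1 are promiscuous, eth1 hosts a logger.
    sample = {"lo": 0x9, "eth0": 0x1103, "eth1": 0x1103, "eth2": 0x1003}
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root, sample)
        return promiscuous_interfaces(root, allowed={"eth1"})


if __name__ == "__main__":
    alerts, expected = demo()
    for iface in alerts:
        print("ALERT: %s is in promiscuous mode" % iface)
    for iface in expected:
        print("ok: %s is promiscuous (allowlisted)" % iface)
```

Called with no arguments, promiscuous_interfaces() reads the live /sys/class/net tree. A check like this runs with the privileges of whoever invokes it, so an intruder with root can tamper with it.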