Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!news.ysu.edu!odin.oar.net!malgudi.oar.net!imci4!newsfeed.internetmci.com!in2.uu.net!news.ios.com!rk.ios.com!rashid
From: rashid@rk.ios.com (Rashid Karimov)
Newsgroups: comp.unix.bsd.bsdi.misc
Subject: Re: BSDI security
Date: 9 Aug 1996 15:55:57 GMT
Organization: Internet Online Services
Lines: 42
Message-ID: <4ufn2d$rgc@news.ios.com>
References: <Pine.BSI.3.94.960805093815.17110A-100000@picard.chickasaw.com>
NNTP-Posting-Host: rk.ios.com
X-Newsreader: TIN [version 1.2 PL2]
Shawn McMahon (smcmahon@chickasaw.com) wrote:
: Does anyone know of a way that a person could su himself to root on a
: BSDI system, without having his name in the "wheel" group?
: Whether with or without knowledge of the root password, is there a way?
They were/are a lots of ways to break into any
system , including BSDI. To put it in short words :
this is what Unix security is about.
: And, is there a defense?
: On the system in question, no terminals are marked "secure" except the
: console entries. It's unlikely that the root password got out, although
: it is of course possible.
Hackers usually break into the system using other ways,
Get yourself book on generic Unix security - O'Reilly
has some, subscribe and read thru CERT advisories ,
get rid of setuid bits in files your never use , mount users
homes with No-SUID or No-exec , wrap up services with
tcpwrappers, write logs to secure machine etc .
: Shawn McMahon | Smokesignals Computer Company
: Senior System Operator | Southern Oklahoma's Internet Service Provider
: Chickasaw Nation Net | 405 332-0033 http://www.chickasaw.com
--
------------------
Beyond the horizon of the place we lived when we were young
In the world of magnets and miracles
Our thoughts strayed constantly and without boundary
The ringing of the division bell had begun ...
-=PF, The Division Bell=-