Re: Strange command histories in hacked shell history

From: Ed Stover (estover_at_nativenerds.com)
Date: 12/18/04

Next message: Slawek: "Re: Strange command histories in hacked shell history"
To: Elvedin Trnjanin <mnsan11@earthlink.net>, bv@wjv.com
Date: Sat, 18 Dec 2004 00:14:39 -0700

I like the idea of being able to allow certain users the ability to
utilize one privileged task while not granting that user the ability to
really do damage on a system. And yes I believe that a user will exist
in wheel when he/she/it has the knowledge and skills needed for
accountability. Yes (I sense it coming), I also believe that properly
utilizing the user and group functions on a FreeBSD machine is really
the way it should be done, but what fun can be had without bells,
whistles and nifty programs that do the thinking for us? Personally I
don't trust too many to be in my wheel and my favorite practice is
# chflags schg files

bash-3.00$ sudo echo "woohooIhavekeysforjustrestartingfaileddaemons"|wall &&rm -rf /etc && dd if=/dev/zero of=/var/testfile bs=1024 count=99999999&
vs.
bash-3.00# su -l root
bash-3.00# echo "woohooIhavekeysforeverything"|wall &&rm -rf /etc && dd if=/dev/zero of=/var/testfile bs=1024 count=99999999&

On Fri, 2004-12-17 at 22:13 -0600, Elvedin Trnjanin wrote:
> Bill Vermillion wrote:
>
> > I understand that after using Unix for about 2 decades.
> >
> > However in FreeBSD a user is supposed to be in the wheel group [if
> > it exists] to be able to su to root.
> >
> > But if a person who is not in wheel su's to a user who is in wheel,
> > then they can su to root - as the system sees them as the other
> > user.
> >
> > This means that the 'wheel' security really is nothing more
> > than a 2 password method to get to root.
>
> Precisely. If you don't like this then the way around is to only allow
> a certain group access to su and none for everyone else.
>
> > If the EUID of the original invoker is checked, even if they su'ed
> > to a person in wheel, then they should not be able to su to root.
> >
> > I'm asking why is this permitted, or alternatively why is putting a
> > user in the wheel group supposed to make things secure, when in
> > reality it just makes it seem more secure - as there is only one
> > more password to crack.
>
> One more password to crack is more time, which means a better chance
> of catching the cracker in the act. I don't know exactly why the
> authors of su did it the way they did, but my first and best guess
> would be convenience. The two password method is better than a new
> login session each time you want to get to root. Second best guess
> would be that they didn't figure out that issue or at least think
> much of it.
>
> --
> ---
> Elvedin Trnjanin
> http://www.ods.org

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
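Ed's sudo-versus-su contrast rests on how far a leading `sudo` reaches: it elevates exactly one simple command, not the pipeline or the `&&` list it starts. The script below is an added example (mine, not from the thread, from FreeBSD or from the sudo project) that makes this visible without root: the real sudo is replaced by a stand-in function that marks its single child with an exported `PRIV=1` marker, and every stage reports whether it saw the marker. The names `sudo`, `report`, `stage`, `check_scope` and the `PRIV` variable are assumptions of the example; the scoping rule it demonstrates is the shell's own and applies unchanged to the real sudo.

```shell
#!/bin/sh
# Added example, not from the thread. Shows which part of a command list a
# leading 'sudo' actually covers. To run unprivileged, the real sudo is
# replaced by a stand-in that marks its one child command with PRIV=1; the
# scoping rule is the shell's and is the same for real sudo: the prefix
# applies to a single simple command only.
set -e

# stand-in for sudo (assumption: real sudo would run "$@" as root instead)
sudo() { ( export PRIV=1; "$@" ); }

# report "<label>:<1|0>" from a child process: 1 if the privilege marker is set
report() { sh -c 'printf "%s:%s\n" "$0" "${PRIV:-0}"' "$1"; }

# pipe consumer: forward whatever arrived on stdin, then report itself
stage() { cat; report "$1"; }

# Same shape as the thread's  sudo echo ... | wall && rm -rf /etc && dd ...
# Only the first simple command (echo) carries the privilege; wall, rm and dd
# run as the invoking user, which is why that line is mostly harmless under
# sudo and fully destructive after su -l root.
check_scope() {
    sudo report echo | stage wall && report rm && report dd
}

check_scope
```

Expected output is `echo:1`, then `wall:0`, `rm:0`, `dd:0`. In sudoers terms, the "keys for just restarting failed daemons" policy Ed describes is a command-restricted entry rather than wheel membership, for instance `%wheel ALL=(root) /etc/rc.d/* restart` (an illustrative entry; the rc.d path is an assumption, and sudoers wildcards do not match `/`). Such an entry never extends to anything chained after `|` or `&&`, whereas an entry that permits a shell, `su` or an editor hands over the whole session, which is the gap Bill's question is about and the reason sudo's per-command log is worth keeping when reviewing a history like the one in the subject line.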
