Re: Strange command histories in hacked shell history

From: Slawek (sgp_at_telsatgp.com.pl)
Date: 12/18/04

    To: <bv@wjv.com>, <freebsd-security@freebsd.org>
    Date: Sat, 18 Dec 2004 12:39:06 +0100

    Hello!
    In message to <freebsd-security@freebsd.org> sent Fri, 17 Dec 2004
    21:25:56 -0500 you wrote:

     BV> I understand that after using Unix for about 2 decades.
     BV> However in FreeBSD a user is supposed to be in the wheel group [if
     BV> it exists] to be able to su to root.

     BV> But if a person who is not in wheel su's to a user who is in wheel,
     BV> then they can su to root - as the system sees them as the other
     BV> user. This means that the 'wheel' security really is nothing more
     BV> than a 2 password method to get to root.

     BV> If the EUID of the original invoker is checked, even if they su'ed
     BV> to a person in wheel, then they should not be able to su to root.

    You can block access to su for untrusted users.

    Although keep in mind that attackers would still be able to log in to
    the cracked wheel UID using ssh and then su to root - it still doesn't
    need anything more than the same two passwords.

    You can disable password logins for wheel UIDs altogether and log in
    using certificates.

    -- 
    Slawomir Piotrowski
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
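As an added illustration of the reply's last suggestion (this is example code, not anything posted in the thread): a POSIX shell audit that reads an sshd_config and a group(5)-format file and reports, for each wheel member, whether a password alone still opens an SSH session to that account. The group file and the two sshd_config variants are constructed samples; the `Match Group wheel` block uses standard OpenSSH directives, which postdate the 2004 discussion and are assumed to be available on the host being audited.

```shell
#!/bin/sh
# Added example, not code from the original thread: check whether members of
# the wheel group can still authenticate to sshd with a password. It reads the
# global PasswordAuthentication directive and any "Match Group ..." block whose
# only criterion is a group list naming wheel.

# Effective PasswordAuthentication value ("yes"/"no") for a wheel member, given
# an sshd_config path. OpenSSH defaults to "yes" when the directive is absent.
effective_wheel_password_auth() {
    awk '
    BEGIN { global = "yes"; in_match = 0; in_wheel = 0; wheel_val = "" }
    /^[[:space:]]*(#|$)/ { next }                  # skip comments and blanks
    tolower($1) == "match" {
        in_match = 1; in_wheel = 0; has_wheel = 0; other = 0
        for (i = 2; i < NF; i += 2) {              # criteria come in keyword/value pairs
            if (tolower($i) == "group") {
                n = split($(i + 1), groups, ",")
                for (j = 1; j <= n; j++)
                    if (tolower(groups[j]) == "wheel") has_wheel = 1
            } else {
                other = 1                          # e.g. Address/User: not a pure wheel block
            }
        }
        if (has_wheel && !other) in_wheel = 1
        next
    }
    tolower($1) == "passwordauthentication" {
        if (in_wheel) wheel_val = tolower($2)      # Match block overrides the global value
        else if (!in_match) global = tolower($2)
    }
    END { print (wheel_val != "" ? wheel_val : global) }
    ' "$1"
}

# Members of the wheel group, one per line, from a group(5)-format file.
wheel_members() {
    awk -F: '$1 == "wheel" { print $4 }' "$1" | tr ',' '\n' | sed '/^$/d'
}

# Print one line per wheel member with the effective password-auth setting.
report() {
    cfg=$1; grp=$2
    pw=$(effective_wheel_password_auth "$cfg")
    for u in $(wheel_members "$grp"); do
        echo "$u: PasswordAuthentication=$pw"
    done
}

TMP=$(mktemp -d); trap 'rm -rf "$TMP"' EXIT

# Constructed sample group file with two wheel members.
cat > "$TMP/group" <<'EOF'
wheel:*:0:root,alice
users:*:100:
EOF

# Constructed weak configuration: password logins allowed for everyone.
cat > "$TMP/sshd_config.weak" <<'EOF'
PermitRootLogin no
PasswordAuthentication yes
EOF

# Constructed hardened configuration: wheel members must present a key;
# everyone else keeps the global setting.
cat > "$TMP/sshd_config.hardened" <<'EOF'
PermitRootLogin no
PasswordAuthentication yes

Match Group wheel
    PasswordAuthentication no
    ChallengeResponseAuthentication no
    AuthenticationMethods publickey
EOF

echo "weak:";     report "$TMP/sshd_config.weak" "$TMP/group"
echo "hardened:"; report "$TMP/sshd_config.hardened" "$TMP/group"
```

On a live host the authoritative check is `sshd -T -C user=alice`, which prints the effective configuration sshd would apply to that user after Match processing; the awk parser above only understands the global directive and Match blocks whose sole criterion is a group list, so any other Match shape (Address, User, combined criteria) should be confirmed with `sshd -T` rather than trusted to this script.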
    
