Re: Strange command histories in hacked shell history

From: Dave (mudman_at_metafocus.net)
Date: 12/19/04

  • Next message: Jerry Bell: "Re: Strange command histories in hacked shell history" 
    Date: Sat, 18 Dec 2004 17:35:35 -0800 (PST)
To: Craig Edwards <brain@winbot.co.uk>

    > You could change the permissions on the su binary, so that only users in the wheel group can even
    > execute su. that way, when a non-wheel user attempts to su to a user in the wheel group, they simply
    > get permission denied.

    This is a really good idea. I decided to try it as root and chmod gave me
    chmod: su: Operation Not Permitted! The nerve! I'll have to have a look
    at that more carefully later :)

    As a side note, I think Bill's point about 2 passwords to break is pretty
    strong in my point of view. Just for simplicity's sake (in both security
    and in design), "the su stack" really shouldn't be any larger than 1. No
    su'ing twice, or N number of times. Hmm, I wonder if there is an option
    for setting that. I suppose someone might have a purpose to, but if they
    really need to be doing that, I think they have a problem in their own
    designs.

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

  • Next message: Jerry Bell: "Re: Strange command histories in hacked shell history"

    Relevant Pages

    • Re: Protecting Database frm being Imported into a new Database
      ... The permissions that you set on forms, reports, etc in an MDB file can ... users can see the design of the ... However, users can create a new database, import an object, and play ...
      (microsoft.public.access.security)
    • Re: How to copy ACLs from one OU to another?
      ... On the design question... ... have an OU for each remote office (City), and under the City OU are 3 OUs, ... have to recreate all those custom permissions for the User/Group/Computer OUs ... > directory to take use of inheritance I strongly recommend that. ...
      (microsoft.public.windows.server.active_directory)
    • Re: Read design/read data problem
      ... An alternative is to deny all permissions on the tables, ... They won't be able to open tables directly, nor read their design. ... Create a startup form that is opened on ... If you need to bypass these startup features, you can hold the shift key ...
      (microsoft.public.access.security)
    • Re: File and Folder permissions..
      ... Do not set fixed permissions that may be wrong, use chmod g+w to add write access for the group. ... Backup,,, A cronjob that change ctime every hour will tag all files as candidates for incremental backup, only change the files that need to be changed. ... A file has one owner, and if someone need to change it, just make a copy and change the copy, so your wife now are the owner of her version. ...
      (alt.os.linux.suse)
    • Re: Basing Object Permissions on Ownership
      ... >> design changes, etc. to objects that I've created but at the same time I ... Is there a way of assigning permissions to ... if a user has read design permissions on new queries but does ...
      (microsoft.public.access.security)