Re: FreeBSD Security in Multiuser Environments

schultz@xxxxxxxxxx writes:
> * Encrypted the whole (except /boot) system with geli(8)
> (HMAC/SHA256 and AES-XTS). It is not as nice and much slower
> than proper filesystem-level checksumming but it is what
> FreeBSD provides (ZFS is too unstable).

ZFS is stable enough, but I'm a little confused: encryption is not
"checksumming", and ZFS provides checksums but not encryption.

> * Disabled useless and potentially dangerous services: cron, devd
> and sendmail.

These services are neither useless nor dangerous.

> * Removed every setuid bit. The system works even then.

Except that users are no longer able to change their password or shell.

> * Added a group sudoers and made sudo setuid only to users in
> sudoers: would have avoided trouble with recent sudo exploit if
> only trusted users have slaves.

I'm not sure what "made sudo setuid only to users in sudoers" means.
Perhaps you mean "executable only by users in sudoers"?

Also... all this and you didn't raise the securelevel? Didn't set
system binaries schg? Didn't remove unwanted binaries like rcp(1),
rlogin(1), at(1), etc.?

> As for using sudo to grant privilege, for each master-slave
> relationship between users u and v, I have added a line like
> "u ALL = (v) NOPASSWD: ALL" to /etc/sudoers. Then the user u is
> supposed to become v by issuing "sudo -i -u v" and to execute a
> command as v by issuing "sudo -i -u v ...".

I'm surprised there isn't a sudoers option to force -i; I'm sure Todd
Miller would be happy for a patch :)

Dag-Erling Smørgrav - des@xxxxxx
freebsd-security@xxxxxxxxxxx mailing list
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
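Two of the points raised in this exchange, the "u ALL = (v) NOPASSWD: ALL" sudoers lines and the blanket removal of setuid bits that leaves users unable to run passwd(1) or chsh(1), are easy to audit with a small POSIX sh script. The script below is an added example, not code from the list post or from FreeBSD; the sudoers content it checks is a constructed sample, and the allowlist of setuid binaries a site wants to keep (here just passwd and chsh, following the thread) is an assumption to adjust per system.

```shell
#!/bin/sh
# Added example (not from the mailing-list post). Two audit helpers:
#  1. list_nopasswd_all FILE  - report "user -> target" for every sudoers
#     rule of the form "u host = (v) NOPASSWD: ALL", i.e. unrestricted,
#     password-less access to another account, as discussed in the thread.
#  2. unexpected_setuid DIR "b1 b2 ..." - list setuid files under DIR whose
#     basename is not on the space-separated allowlist (binaries users need,
#     e.g. passwd and chsh, which stop working if every setuid bit is cleared).

# Write a constructed sample sudoers file (assumption: illustrative only).
make_sample_sudoers() {
  cat > "$1" <<'EOF'
# constructed sample, not a real /etc/sudoers
Defaults env_reset
root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
alice ALL = (bob) NOPASSWD: ALL
carol ALL = (dave) NOPASSWD: /usr/bin/less
EOF
}

# Print "user -> runas" for each rule granting NOPASSWD: ALL. The awk
# program skips comments, blank lines and Defaults, normalises spaces
# around "=", then reads the runas user from the "(...)" group; a rule
# with no runas group defaults to root, as sudo does.
list_nopasswd_all() {
  awk '
    /^[[:space:]]*#/ || /^[[:space:]]*$/ || /^Defaults/ { next }
    {
      gsub(/[[:space:]]*=[[:space:]]*/, "=")
      runas = "root"
      if (match($2, /\(.*\)/))
        runas = substr($2, RSTART + 1, RLENGTH - 2)
      if ($NF == "ALL" && $(NF - 1) == "NOPASSWD:")
        print $1 " -> " runas
    }' "$1"
}

# List setuid regular files under $1 not named in the allowlist $2.
unexpected_setuid() {
  dir=$1
  allow=$2
  find "$dir" -type f -perm -4000 | sort | while read -r f; do
    b=$(basename "$f")
    keep=0
    for a in $allow; do
      if [ "$a" = "$b" ]; then keep=1; fi
    done
    if [ "$keep" -eq 0 ]; then printf '%s\n' "$f"; fi
  done
}

# Stand-alone demonstration on a constructed tree in a temp directory.
demo() {
  t=$(mktemp -d)
  make_sample_sudoers "$t/sudoers"
  mkdir "$t/bin"
  for b in passwd chsh rcp; do
    : > "$t/bin/$b"
    chmod 4755 "$t/bin/$b"   # constructed setuid files
  done
  echo "password-less unrestricted sudo rules:"
  list_nopasswd_all "$t/sudoers"
  echo "setuid files outside the allowlist:"
  unexpected_setuid "$t/bin" "passwd chsh"
  rm -rf "$t"
}

# Run the demo only when executed directly, so the functions can be sourced.
case "$0" in
  *sudoers_audit.sh) demo ;;
esac
```

On the sample, only the alice/bob rule is reported (carol's rule is limited to one command, and the root/wheel rules still require a password), and of the three setuid files only rcp is flagged, which matches the thread's point that passwd and chsh must keep their bits while binaries like rcp(1) are candidates for removal.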