<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Full Disclosure: Re: /bin/rm file access vulnerability

Re: /bin/rm file access vulnerability

From: Frank Knobbe <frank_at_knobbe.us>
Date: Fri, 31 Dec 2004 09:54:55 -0600

On Thu, 2004-12-30 at 20:56 -0700, Jeffrey Denton wrote:
> Nothing new here. That is one of the problems with DAC systems, the
> admin has total control over the system.
[...]
> To prevent the above from happening, use a MAC or a RBAC system such
> as Trusted Solaris.

You should also be able to use file flags such as undeletable and
immutable together with higher security levels (at least under BSD) to
prevent root to remove/change the file under normal run-levels.

(Normal run-levels excludes single-user mode and stunts like mounting
the drive in non-native environments.)

Regards,
Frank

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

application/pgp-signature attachment: This is a digitally signed message part

Received on Jan 03 2005

This message: [ Message body ]
Next message: Dave Aitel: "Re: Multiple Backdoors found in eEye Products (IRIS and Secure"
Previous message: jeffrey.adams_at_hqda.army.mil: "Mail Delivery (failure full-disclosure@lists.netsys.com)"
In reply to: Jeffrey Denton: "Re: /bin/rm file access vulnerability"
Next in thread: Jerry: "Re: /bin/rm file access vulnerability"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos