Full Disclosure
mailing list archives
Re: /bin/rm file access vulnerability
From: Frank Knobbe <frank () knobbe us>
Date: Fri, 31 Dec 2004 09:54:55 -0600
On Thu, 2004-12-30 at 20:56 -0700, Jeffrey Denton wrote:
> Nothing new here. That is one of the problems with DAC systems, the
> admin has total control over the system.
[...]
> To prevent the above from happening, use a MAC or an RBAC system such
> as Trusted Solaris.
You should also be able to use file flags such as undeletable and
immutable together with higher security levels (at least under BSD) to
prevent root from removing/changing the file under normal run-levels.
(Normal run-levels exclude single-user mode and stunts like mounting
the drive in non-native environments.)
Regards,
Frank
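
Added example (not part of the message above or of the list archive): a small Python audit helper that reports whether the flag-plus-securelevel protection described in the message is actually in force for a file. It assumes FreeBSD flag names (schg, sunlnk, uchg, uunlnk) and the kern.securelevel sysctl; the function names are hypothetical.

```python
import os
import stat
import subprocess
import sys

# BSD "system" flags: only root may set them, and the kernel refuses to
# clear them while kern.securelevel is above 0.
SYSTEM_FLAGS = {"schg": stat.SF_IMMUTABLE, "sunlnk": stat.SF_NOUNLINK}
# "User" flags: the file owner or root can clear them at any securelevel.
USER_FLAGS = {"uchg": stat.UF_IMMUTABLE, "uunlnk": stat.UF_NOUNLINK}


def flag_names(st_flags):
    """Return the chflags(1) names of the protective flags set in st_flags."""
    table = {**SYSTEM_FLAGS, **USER_FLAGS}
    return sorted(name for name, bit in table.items() if st_flags & bit)


def root_can_remove(st_flags, securelevel):
    """True if root can still delete the file in normal multi-user mode."""
    system_bits = st_flags & (stat.SF_IMMUTABLE | stat.SF_NOUNLINK)
    if not system_bits:
        # User flags alone do not hold: root clears them, then unlinks.
        return True
    # A system flag only binds root once the securelevel is raised.
    return securelevel < 1


def read_securelevel():
    """Read kern.securelevel via sysctl(8); works on BSD systems only."""
    out = subprocess.run(["sysctl", "-n", "kern.securelevel"],
                         capture_output=True, text=True, check=True)
    return int(out.stdout.strip())


def audit(path, securelevel):
    """Summarise the protection state of one file."""
    st = os.lstat(path)
    flags = getattr(st, "st_flags", 0)  # st_flags exists only on BSD-derived systems
    return {"path": path, "flags": flag_names(flags),
            "root_can_remove": root_can_remove(flags, securelevel)}


if __name__ == "__main__":
    level = read_securelevel()
    for target in sys.argv[1:]:
        print(audit(target, level))
```

The result covers only the normal multi-user case; single-user mode and mounting the disk elsewhere remain outside what the flags protect, as the message notes.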