Network Security: Detailed info on Re: [Full-Disclosure] /bin/rm file access vulnerability

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security FullDisclosure

[Top] [All Lists]

Re: [Full-Disclosure] /bin/rm file access vulnerability

from [Frank Knobbe] Network Security

[Permanent Link]

Subject:	Re: [Full-Disclosure] /bin/rm file access vulnerability
Date:	Fri, 31 Dec 2004 09:54:55 -0600

On Thu, 2004-12-30 at 20:56 -0700, Jeffrey Denton wrote:

Nothing new here.  That is one of the problems with DAC systems, the
admin has total control over the system.

[...]

To prevent the above from happening, use a MAC or a RBAC system such
as Trusted Solaris.



You should also be able to use file flags such as undeletable and
immutable together with higher security levels (at least under BSD) to
prevent root to remove/change the file under normal run-levels. 

(Normal run-levels excludes single-user mode and stunts like mounting
the drive in non-native environments.)

Regards,
Frank

signature.asc
Description: This is a digitally signed message part

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Full-Disclosure] /bin/rm file access vulnerability, Lennart Hansen Re: [Full-Disclosure] /bin/rm file access vulnerability, Eric Romang / ZATAZ Re: [Full-Disclosure] /bin/rm file access vulnerability, Michal Zalewski Re: [Full-Disclosure] /bin/rm file access vulnerability, shane milton Message not available Re: [Full-Disclosure] /bin/rm file access vulnerability, James Longstreet Message not available Message not available Message not available Re: [Full-Disclosure] /bin/rm file access vulnerability, bkfsec Message not available Message not available Message not available Re: [Full-Disclosure] /bin/rm file access vulnerability, Frank Knobbe <=

Previous by Date:	Re: [Full-Disclosure] MySQL and the user "su", Sascha Wolf
Next by Date:	RE: [Full-Disclosure] MySQL and the user "su", Tom Crimmins
Previous by Thread:	Re: [Full-Disclosure] /bin/rm file access vulnerability, bkfsec
Next by Thread:	RE: [Full-Disclosure] Multiple Backdoors found in eEye Products (IRISand SecureIIS), Marc Maiffret
Indexes:	[Date] [Thread] [Top] [All Lists]