Re: A question about Knark and modules
- To: debian-security@lists.debian.org
- Subject: Re: A question about Knark and modules
- From: Christian Jaeger <christian.jaeger@sl.ethz.ch>
- Date: Mon, 18 Jun 2001 18:41:59 +0200
- Message-id: <p04320403b753d7136257@[192.168.1.2]>
- In-reply-to: <cnw6uC.A.y4B.CvXL7@murphy>
- References: <cnw6uC.A.y4B.CvXL7@murphy>
At 5:55 Uhr +0200 18.6.2001, Ethan Benson wrote:
On Mon, Jun 18, 2001 at 03:03:06AM +0200, Christian Jaeger wrote:
> ... install some special binaries to which you
> grant many permissions.
the thing is once you make exceptions for the system adminsistrator to
use to maintain the you open the holes the attacker needs to trojan
your system and to remove the additional obsticales you installed.
system adminsitrator == root
cracker == root
you can't trust one without trusting the other.
Well, if the 'apt-get update && apt-get upgrade' wrapper doesn't take
any input and resets the environment (is there anything else it
should take care of?) then even if called by the cracker it wouldn't
do anything else than upgrade the system the same way upgrades were
happening anyway before the breakin. (Ok, there may be an issue with
the changing inode numbers lids is depending upon and which would not
get updated immediately after upgrading software.)
And/or if I install a special shell binary that has capabilities to
access the whole filesystem, but exits immediately unless called by
sshd, then system administrators still can just login as root and do
what they are used to do, without risking a hacker using the same
tool because he (probably) didn't use sshd to gain access to the
machine. (Of course, this requires 1. sshd not having a problem, and
2. making sure depending files like /etc/shadow, pam etc are
protected, but that's what lids people propagate anyway).
Am I wrong?
Of course if lids in fact can't deny access to disk devices then
probably all is lost...
Christian.
Reply to: