Bugtraq mailing list archives
Re: UnixWare
From: ccdes () ccdes princeton nj us (Carl Corey)
Date: Wed, 27 Apr 1994 08:05:42 -0500
This is NOT what I meant. I explicitly mean that you should go beyond simply leaving the machine as shipped and should actively remove existing SUID facilities to the extent possible and change all persistant system processes to run unprivileged if at all possible. I do not merely mean "regulating" SUID facilities. I really mean actively yanking them out and replacing them with non-SUID facilities. I also mean eliminating openings like world writable utmp files, devices, etc.
COPS generates a list of SUID files, one of its more useful features. I am in the process of going through and determining what _needs_ to be run as root, and if it does, if anyone else should have access. I also have reduced tcp/udp services to a minimum, and any that connect are logged with tcpwrapper. Right now it's only a LAN that can connect via tcp, but we are getting a 56k (ug) connection soon - and it will help to be ready by then. I know we are getting a cisco router, and I have a question for anyone - what is the latest version of the router software I need to run to keep fake ICMP packets from reaching my hosts? I believe that this was a somewhat recent upgrade by cisco, thus the presence of nuke.c or whatever being used to annoy people. Also, is there a way to block people running FSP without blocking all udp packets or relying on blocking udp to certain ports? I may not be around full-time on this system, so it is conceivable for a user to set up their own fsp server in their home dir and not have me notice it for a few weeks or so. cc
Current thread:
- Re: UnixWare, (continued)
- Re: UnixWare Perry E. Metzger (Apr 27)
- Re: UnixWare Michael Neuman (Apr 27)
- Re: UnixWare Gene Spafford (Apr 27)
- Re: UnixWare a.e.mossberg (Apr 28)
- Re: UnixWare Gene Spafford (Apr 28)
- Re: UnixWare David A. Curry (Apr 28)
- HP's security stance (was Re: UnixWare) Bennett Todd (Apr 28)
- Re: HP's security stance (was Re: UnixWare) Gene Spafford (Apr 28)
- Re: UnixWare Christopher Klaus (Apr 28)
- Re: UnixWare Gene Spafford (Apr 28)
- Re: UnixWare Michael Neuman (Apr 27)
- Re: UnixWare Perry E. Metzger (Apr 27)
- Re: UnixWare Perry E. Metzger (Apr 27)
- Re: UnixWare Bonfield James (Apr 28)
- Re: UnixWare Ron McDowell (Apr 27)
- Re: UnixWare Perry E. Metzger (Apr 27)