Full Disclosure mailing list archives
Re: /bin/rm file access vulnerability
From: Frank Knobbe <frank () knobbe us>
Date: Fri, 31 Dec 2004 09:54:55 -0600
On Thu, 2004-12-30 at 20:56 -0700, Jeffrey Denton wrote:
Nothing new here. That is one of the problems with DAC systems, the admin has total control over the system.
[...]
To prevent the above from happening, use a MAC or a RBAC system such as Trusted Solaris.
You should also be able to use file flags such as undeletable and immutable together with higher security levels (at least under BSD) to prevent root to remove/change the file under normal run-levels. (Normal run-levels excludes single-user mode and stunts like mounting the drive in non-native environments.) Regards, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: /bin/rm file access vulnerability bkfsec (Dec 31)
- Re: /bin/rm file access vulnerability J.A. Terranson (Jan 06)
- Re: /bin/rm file access vulnerability bkfsec (Jan 06)
- <Possible follow-ups>
- Re: /bin/rm file access vulnerability Sean Harlow (Dec 31)
- Re: /bin/rm file access vulnerability vh (Jan 06)
- Re: /bin/rm file access vulnerability Jeffrey Denton (Dec 31)
- Re: /bin/rm file access vulnerability Frank Knobbe (Jan 02)
- Re: /bin/rm file access vulnerability vh (Jan 06)
- Re: /bin/rm file access vulnerability J.A. Terranson (Jan 06)
- Re: /bin/rm file access vulnerability Jerry (Jan 03)
- Re: /bin/rm file access vulnerability James Longstreet (Jan 01)
- Re: /bin/rm file access vulnerability Valdis . Kletnieks (Jan 04)
- Re: /bin/rm file access vulnerability Alex V. Lukyanenko (Jan 03)