[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    Re: [Full-Disclosure] /bin/rm file access vulnerability
From:       Frank Knobbe <frank () knobbe ! us>
Date:       2004-12-31 15:54:55
Message-ID: 1104508495.18571.7.camel () localhost
[Download RAW message or body]

[Attachment #2 (multipart/signed)]


On Thu, 2004-12-30 at 20:56 -0700, Jeffrey Denton wrote:
> Nothing new here.  That is one of the problems with DAC systems, the
> admin has total control over the system.
[...]
> To prevent the above from happening, use a MAC or a RBAC system such
> as Trusted Solaris.


You should also be able to use file flags such as undeletable and
immutable together with higher security levels (at least under BSD) to
prevent root to remove/change the file under normal run-levels.=20

(Normal run-levels excludes single-user mode and stunts like mounting
the drive in non-native environments.)

Regards,
Frank


["signature.asc" (application/pgp-signature)]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


[prev in list] [next in list] [prev in thread] [next in thread]