On Mon, Jun 18, 2001 at 06:41:59PM +0200, Christian Jaeger wrote:
> 
> Well, if the 'apt-get update && apt-get upgrade' wrapper doesn't take 
> any input and resets the environment (is there anything else it 
> should take care of?) then even if called by the cracker it wouldn't 
> do anything else than upgrade the system the same way upgrades were 
> happening anyway before the breakin. (Ok, there may be an issue with 
> the changing inode numbers lids is depending upon and which would not 
> get updated immediately after upgrading software.)

what if the attacker can poisen your DNS, or routing tables?  then he
can trick apt into downloading his 37337 `security update' (more like
unsecurity update heh)

> And/or if I install a special shell binary that has capabilities to 
> access the whole filesystem, but exits immediately unless called by 
> sshd, then system administrators still can just login as root and do 
> what they are used to do, without risking a hacker using the same 
> tool because he (probably) didn't use sshd to gain access to the 
> machine. (Of course, this requires 1. sshd not having a problem, and 
> 2. making sure depending files like /etc/shadow, pam etc are 
> protected, but that's what lids people propagate anyway).
> 
> Am I wrong?

get root, run passwd root, ssh in.  

> Of course if lids in fact can't deny access to disk devices then 
> probably all is lost...

lids can, it adds new capabilities or else modifies one of the
existing ones.  (at least last i read the FAQ that seemed to be
implyed). 

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

PGP signature

Reply via email to