Subject: Re: solving various bug reports...
To: Andrew Brown <email@example.com>
From: Perry E. Metzger <firstname.lastname@example.org>
Date: 06/27/1997 00:12:09
Andrew Brown writes:
> >It is still ugly -- there may be things you can manage to do to the
> >inetd in that fraction that aren't good...
> i thought about it and i've even give the that the attacked system was
> stupid and had r-services turned on and root had "+ +" in his or her
> .rhosts file. that way all the attacker has to do is
Nope. Not my threat model.
Lets say there is some random inetd service that happens to be, say,
gid kmem. You know of an evil buffer overflow in it. Normally, this
would be worth jack to you, since the system you are attacking is
above securelevel 0, but by hitting the machine as it reboots, you
can twizz /dev/kmem in that tiny window with this buffer overflow and
Securelevel 1 is a "Defense in Depth" thing. A properly functioning
machine shouldn't let anyone break in at ANY secure level. By having
the system at securelevel 1, however, we prevent even people who have
broken in and gained certain kinds of privs from harming the machine.