Findsuid source (Re: Security an
Sean Casey
sean at ukma.UUCP
Tue Feb 5 15:59:22 AEST 1985
> Another problem with having a find-suid-programs program that runs based
> on crontab entries is that anyone can see when the find-suid-programs
> program is going to run next, and make their moves on that basis.
>
> kurt
I do not think that findsuid is designed to be a serious security
program. It is a nice little watchdog that will trap a novice
that happens to find a bug (there's lots) and creates his own su
(or similar), but it's extremely simple, and easy to bypass.
A friend of mine wrote an interesting security program for Tops-
10. It locked itself in core and set up breakpoints at some of
the monitor calls. It then checked the parameters on these calls
and made sure they were "ok". It entwined itself to the monitor
so tightly that it was almost impossible to defuse without taking
down the whole monitor with it. It checked for a number of things
and logged (in an undeletable file!) conditions which it
considered unusual. If I were to go about writing a serious
security program for Unix, I'd probably go about it much the same
way. I would make the process as unkillable as possible, and
have it periodically check things.
'nuff ramblin'
Sean Casey
More information about the Comp.unix.wizards
mailing list