
Re: Process monitor



* Nicholas Lee <nj_(_dot_)_lee_(_at_)_plumtree_(_dot_)_co_(_dot_)_nz> [001015 20:22]:
> Basically want a reactive UID/GID process scanner.  ie. If suddenly a new
> un-registered process starts with root access (say some breaking in through a
> suid application) it gets picked up.

Ok. How about this idea? (Keeping in mind this is only an idea, and a
very poorly thought out one at that! Flame if constructive. :) Remove
the suid and guid bits on all executables except for sudo. Then, anytime
anything needs to be done with root privs, it must be done through sudo.

?
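
An audit sketch of the proposal above, added here as an example and not part of the original message: it lists regular files that still carry the setuid or setgid bit and are not on an allowlist, and can clear the bit on them. The function names and the `/usr/bin/sudo` path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: audit setuid/setgid files against an allowlist.
# Function names are hypothetical; adjust paths for the system at hand.

# list_unexpected_suid DIR [ALLOWED_PATH...]
# Prints every regular file under DIR with the setuid or setgid bit set
# whose path is not one of the ALLOWED_PATH arguments.
# Limitation: paths containing newlines are not handled.
list_unexpected_suid() {
    dir=$1; shift
    # -xdev keeps find on one filesystem; -4000 is setuid, -2000 is setgid.
    find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r path; do
        allowed=no
        for ok in "$@"; do
            [ "$path" = "$ok" ] && allowed=yes
        done
        [ "$allowed" = yes ] || printf '%s\n' "$path"
    done
}

# strip_unexpected_suid DIR [ALLOWED_PATH...]
# Clears setuid and setgid on everything list_unexpected_suid reports.
strip_unexpected_suid() {
    list_unexpected_suid "$@" | while IFS= read -r path; do
        chmod u-s,g-s "$path" && printf 'cleared: %s\n' "$path"
    done
}

# Usage (assumed sudo location), review the listing before stripping:
#   list_unexpected_suid / /usr/bin/sudo
#   strip_unexpected_suid / /usr/bin/sudo
```

Programs that lose the bit (passwd, su, ping and similar) stop working for unprivileged users until a matching sudo rule exists, so the listing doubles as the inventory of rules to write.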



