Re: [Fed-Talk] Security Issue: ssh and bsm
- Subject: Re: [Fed-Talk] Security Issue: ssh and bsm
- From: Todd Heberlein <email@hidden>
- Date: Sun, 7 Oct 2007 18:08:26 -0700
Hi Michael,
Going random on the answers here:

> Also, is there an Apple Security contact to report this potential
> security hole?

Shawn Geddis (geddis at apple.com) is probably your best bet. He is
also the contact for Common Criteria package for Intel systems.

> It appears that bsm functionality quits working when a user logs in
> using ssh.

I use ssh all the time with auditing, and I don't think I've seen any
problems. Let me do some additional checks on Monday to verify this.

> This causes another issue, in that I was under the assumption in
> the configuration that you could halt the system if an error occurs
> in the bsm system. Which of course does not happen during this
> failure.

I don't know if I can duplicate this unless I can duplicate the
error. I recall there are options (or at least used to be under
Solaris) to determine what to do when you could no longer audit
anymore. For example, when the audit partition fills up you could
freeze the system until an un-audited user logged in. We accidentally
did this a few times back in the early 1990s on Solaris -- it is a
pretty good way to piss off your users and turn them against security.

> Anybody seen this before? Anybody know of any workaround?

Once again, I'll check to see if I can duplicate this. One problem
I've run into is that there are a number of different versions of the
Common Criteria (I believe at one time I had one for 10.3 PowerPC,
one for 10.4 for PowerPC, and two for 10.4 Intel (32-bit and 64-
bit)). I'm not sure if the package installers are smart enough to
check the OS/hardware version you are installing on or not.
Todd