DaemonForums  

#1
18th August 2019
e1-531g
Living off the Land tools list for OpenBSD

Hello,
When it comes to hardening Windows or GNU/Linux, there are lists such as Microsoft recommended block rules, LOLBAS and GTFOBins. These are lists of legitimate preinstalled system applications that can be used by an attacker to conduct harmful activity and circumvent access control mechanisms, be it DAC or something else. Are there lists of that kind of binary for OpenBSD?
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase

#2
18th August 2019
ibara

Parts of this list are borderline ridiculous. Like, wow, did you know that ed(1) can read files?

Seriously though, if you are running a machine in which you are deliberately putting people in a restricted shell, then you (hopefully) already know that you cannot just put them in a restricted shell in the normal operating environment, and have taken the steps to put them in their own chroot(8) or something. Or better yet, if you really have such restrictions, you should write better policy to completely deny any and all access to those machines. Perhaps airgap the machine too, just to be safe.

#3
18th August 2019
e1-531g

Quote:
Originally Posted by ibara
have taken the steps to put them in their own chroot(8) or something.
But what if I want to allow somebody access to some basic command line tools? I know that I can just extract the filesystem to a chroot, but what should I remove from that extracted archive? Is removing all SUID binaries and keeping software updated enough to prevent privilege escalation? I don't mean letting a professional pentester/NSA TAO level hacker in, just an average IT technician.
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase
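
One way to run the check the question above asks about, as an added example that is not part of any post in this thread: list and clear setuid/setgid bits in an extracted tree before it is used as a chroot. The function names and the temporary sample tree are assumptions constructed for the demo; the script shows which files carry the bits and does not by itself settle whether removing them is enough.

```shell
#!/bin/sh
# Added example: audit an extracted chroot tree for setuid/setgid files.
# Function names and the sample tree are constructed for illustration.

# Print every regular file under ROOT ($1) that has the setuid (4000) or
# setgid (2000) bit set. -xdev keeps find from crossing mount points.
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Number of such files under ROOT.
count_setid() {
    list_setid "$1" | wc -l | tr -d ' '
}

# Clear both bits on every match; other permission bits are left alone.
strip_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec chmod u-s,g-s {} +
}

# Build a small constructed tree standing in for the extracted file sets.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/bin" "$root/usr/bin"
    for f in bin/ls "bin/fake su" usr/bin/fakepasswd; do
        printf '#!/bin/sh\n' > "$root/$f"
        chmod 0755 "$root/$f"
    done
    chmod 4755 "$root/bin/fake su"            # setuid, name contains a space
    chmod 4555 "$root/usr/bin/fakepasswd"     # setuid, not writable
    printf '%s\n' "$root"
}

# Demo: list, strip, re-check, clean up.
demo() {
    tree=$(make_sample_tree) || return 1
    echo "before: $(count_setid "$tree") setuid/setgid file(s)"
    list_setid "$tree"
    strip_setid "$tree"
    echo "after:  $(count_setid "$tree") setuid/setgid file(s)"
    rm -rf "$tree"
}

demo
```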

Tags
gtfobins, lolbins, lotl
