Date:      Sun, 16 Aug 1998 15:10:56 +0200
From:      Philippe Regnauld <regnauld@deepo.prosa.dk>
To:        rotel@indigo.ie
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Fwd: "Using capabilties aaginst shell code" <dps@IO.STARGATE.CO.UK>
Message-ID:  <19980816151056.63692@deepo.prosa.dk>
In-Reply-To: <199808151348.OAA00655@indigo.ie>; from Niall Smart on Sat, Aug 15, 1998 at 02:48:11PM +0000
References:  <19980815131309.14782@deepo.prosa.dk> <199808151348.OAA00655@indigo.ie>

Niall Smart writes:
> > 
> > 	The point was to limit the number of outside attacks on 
> > 	privileged network daemons.  Once the system has been broken
> > 	into, it's over...  "Just keep people out"
> 
> I'm not sure what you mean by this; disabling execve doesn't prevent
> outside attacks on network daemons.

	No, but it will prevent buffer overflows that spawn a root shell
	(i.e.: qpopper) -- or am I missing something?

-- 
 -[ Philippe Regnauld / sysadmin / regnauld@deepo.prosa.dk / +55.4N +11.3E ]-

               The Internet is busy.  Please try again later.
