Date: Mon, 18 Nov 1996 10:30:55 -0800 From: Don Lewis <Don.Lewis@tsc.tdk.com> To: Mark Murray <mark@grondar.za> Cc: chat@freebsd.org, security@freebsd.org Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). Message-ID: <199611181830.KAA15909@salsa.gv.ssi1.com> In-Reply-To: Mark Murray <mark@grondar.za> "Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2)." (Nov 18, 8:17pm)
next in thread | previous in thread | raw e-mail | index | archive | help
On Nov 18, 8:17pm, Mark Murray wrote: } Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). } } Much easier is to put the users onto a volume that is mounted -noexec. } This works for compiled binaries, not scripts. Users, what users? Oh, I'm definitely doing the -noexec thing on anything that's writable, and -rdonly on anything that has executables. Not to mention nosuid and nodev as appropriate. Since I'm removing most of the binaries, I'm not too worried about scripts, even assuming they could get executed in spite of my other measures. There's only so much that you can do with cat and echo ;-) --- Truck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199611181830.KAA15909>