Date: Sun, 12 Jul 1998 15:59:50 -0600 (MDT)
From: Wes Peters <wes@softweyr.com>
To: kgor@ksg.com, andrew@squiz.co.nz
Cc: jehamby@manta.jpl.nasa.gov, 026809r@dragon.acadiau.ca, security@FreeBSD.ORG
Subject: Re: RootRunner (admin GUI w/o security holes?)
Message-ID: <199807122159.PAA10573@obie.softweyr.com>
In-Reply-To: <Pine.BSF.3.96.980712163039.11489A-100000@aniwa.sky>
References: <Pine.BSF.3.96.980712163039.11489A-100000@aniwa.sky>

My hidden microphone recorded Andrew McNaughton (andrew@squiz.co.nz) saying:

% I suspect the only way to get a uid = 0 backend and a uid != 0 frontend
% is to run them as separate processes with some sort of communication
% channel.

It's certainly the only good way. It is important to secure the communication channel also; you'd be surprised what you can find in the clear snooping unix-domain sockets and the like. Contrary to what many will tell you, even a simple encryption or ENCODING method will dissuade most of your potential attackers; they'll go look for other "low-hanging fruit."

If you make your standard communications channel a TCP socket, you're building in remote administration capabilities from the start. You have to pay attention to authentication and communication security, but you really need to do that anyhow, so why shy away from it at the start?

--
"Where am I, and what am I doing in this handbasket?"

Wes Peters
Softweyr LLC
http://www.softweyr.com/~softweyr
wes@softweyr.com

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
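
The frontend/backend split discussed in the message, as an added example that is not part of the original e-mail: an unprivileged frontend sends length-framed, HMAC-authenticated requests, and the backend rejects bad tags, replayed nonces and any command outside an allow-list. The command names, the frame layout and the pre-shared key are assumptions made for the illustration, and `socket.socketpair()` stands in for the real channel; the requests are authenticated here but not encrypted.

```python
import hashlib, hmac, json, os, socket, struct
ALLOWED = {"list_users", "restart_service"}  # hypothetical backend operations

def send_msg(sock, key, payload):
    """Frame: 4-byte length | 32-byte HMAC-SHA256 tag | JSON body."""
    body = json.dumps(payload).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    sock.sendall(struct.pack("!I", len(body)) + tag + body)

def recv_exact(sock, n):
    buf = sock.recv(n, socket.MSG_WAITALL)
    if len(buf) != n:
        raise ConnectionError("short read")
    return buf

def recv_msg(sock, key, max_len=4096):
    (length,) = struct.unpack("!I", recv_exact(sock, 4))
    if length > max_len:
        raise ValueError("frame too large")
    tag, body = recv_exact(sock, 32), recv_exact(sock, length)
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise PermissionError("bad MAC")
    return json.loads(body)

def backend_handle(sock, key, seen_nonces):
    """Privileged side: authenticate, reject replays, allow-list the command."""
    try:
        req = recv_msg(sock, key)
    except PermissionError:
        return "rejected: bad MAC"
    if req["nonce"] in seen_nonces:
        return "rejected: replay"
    seen_nonces.add(req["nonce"])
    if req["cmd"] not in ALLOWED:
        return "rejected: command not allowed"
    return "ok: " + req["cmd"]

def demo():
    key, seen, results = os.urandom(32), set(), []
    front, back = socket.socketpair()  # stands in for the frontend/backend channel
    good = {"cmd": "list_users", "nonce": os.urandom(8).hex()}  # constructed requests
    shell = {"cmd": "run_shell", "nonce": os.urandom(8).hex()}
    with front, back:
        for k, msg in [(key, good), (key, good), (os.urandom(32), good), (key, shell)]:
            send_msg(front, k, msg)
            results.append(backend_handle(back, key, seen))
    return results

if __name__ == "__main__":
    print(demo())
```

The four constructed requests are, in order, a valid one, the same frame sent again, one tagged with the wrong key, and a correctly tagged request for a command the backend does not offer.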