Date: Sat, 15 Aug 1998 13:13:09 +0200 From: Philippe Regnauld <regnauld@deepo.prosa.dk> To: rotel@indigo.ie Cc: freebsd-security@FreeBSD.ORG Subject: Re: Fwd: "Using capabilties aaginst shell code" <dps@IO.STARGATE.CO.UK> Message-ID: <19980815131309.14782@deepo.prosa.dk> In-Reply-To: <199808142212.XAA01134@indigo.ie>; from Niall Smart on Fri, Aug 14, 1998 at 11:12:12PM %2B0000 References: <19980814123240.63855@deepo.prosa.dk> <199808142212.XAA01134@indigo.ie>
next in thread | previous in thread | raw e-mail | index | archive | help
Niall Smart writes:
>
> As for the example mentioned (no execve for imapd), I'm not sure
> its at all useful.
> Just because someone can't execve doesn't mean they can't add an entry
> to /etc/passwd or modify roots or the sysadmins .login etc
The point was to limit the number of outside attacks on
priviledged network daemons. Once the system has been broken
into, it's over... "Just keep people out"
> Even better is additionally make chroot secure and put it in there.
What do you call "making chroot secure" ?
--
-[ Philippe Regnauld / sysadmin / regnauld@deepo.prosa.dk / +55.4N +11.3E ]-
The Internet is busy. Please try again later.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980815131309.14782>