Date: Thu, 22 Feb 2001 01:37:18 -0800
From: "Crist J. Clark" <cjclark@reflexnet.net>
To: Ted Mittelstaedt <tedm@toybox.placo.com>
Cc: Doug Young <dougy@bryden.apana.org.au>, Macrolosa <edvard@post.omnitel.net>, freebsd-questions@FreeBSD.ORG
Subject: Re: login-MODEM
Message-ID: <20010222013718.G89396@rfx-216-196-73-168.users.reflex>
In-Reply-To: <004701c09cad$b8c88c40$1401a8c0@tedm.placo.com>; from tedm@toybox.placo.com on Thu, Feb 22, 2001 at 12:59:10AM -0800
References: <00dd01c09c49$494b6f40$847e03cb@apana.org.au> <004701c09cad$b8c88c40$1401a8c0@tedm.placo.com>

On Thu, Feb 22, 2001 at 12:59:10AM -0800, Ted Mittelstaedt wrote:

[snip]

> There's nothing to running a shell server as long as you take a few simple
> precautions.

*boggle* It is pretty much assumed that if a user can get local, he can get root. For recent FreeBSD examples, take the /proc holes (and there are probably more) used to get the webserver. OpenBSD had some chpass and others publicized back in October. And this is my favorite, pretty much EVERY SINGLE Solaris BOX IN THE WORLD has a particular local root exploit that has no reasonable workaround or vendor patch.

> You're way overstating the security risks here. What risks?! There's nothing
> that a user can do on a shell server that they can't do already by setting
> up a UNIX system and dialing into us, except for screwing other users on that
> server,

And every time some kiddie nukes the server and uses your bandwidth to scan half the Internet for portmap, you have to fix it and get all of the hate mail.

> Rubbish - you're making things way hard for yourself. UNIX already has
> excellent security for this - you just need to understand it.

UNIX does not have strong security. It was not originally designed for security. That's not to say it is not as strong or stronger than the other extremely popular operating systems of today, but those are very weak too.

--
Crist J. Clark
cjclark@alum.mit.edu