Date: Sat, 29 Aug 1998 10:19:30 -0600 (MDT) From: Paul Hart <hart@iserver.com> To: Mike Holling <myke@ees.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Shell history Message-ID: <Pine.BSF.3.96.980829101329.3522B-100000@anchovy.orem.iserver.com> In-Reply-To: <Pine.NEB.4.00.9808291000010.279-100000@phluffy.lm.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 29 Aug 1998, Mike Holling wrote: > A sufficiently skilled attacker will probably always be able to get root > once they have shell access on a box. The key is to prevent them from > getting to that point in the first place. That's a broad statement. I won't contest the fact that if users have shell access you are now open to a much larger array of possible attacks (like local SUID buffer overflow attacks and /tmp races), but saying that they will always be able to get root is not an accurate statement. Paul Hart -- Paul Robert Hart ><8> ><8> ><8> Verio Web Hosting, Inc. hart@iserver.com ><8> ><8> ><8> http://www.iserver.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980829101329.3522B-100000>