Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 25 Dec 2006 23:20:09 -0300
From:      Agus <agus.262@gmail.com>
To:        "Armin Arh" <armin@pubbox.net>
Cc:        freebsd-questions <freebsd-questions@freebsd.org>
Subject:   Re: remove suid files question....
Message-ID:  <fda61bb50612251820x335a666cj794686c17e3918ae@mail.gmail.com>
In-Reply-To: <20061224013419.GE756@pubbox.net>
References:  <fda61bb50612231241w5c5ab2fr676481e7021f9428@mail.gmail.com> <20061224013419.GE756@pubbox.net>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Of course u can get an account......when i get the system connected and
up....no problemm....

the web will be www.free-shells.com.ar; i'm still testing localy....when i
start testing access with friends and
people i know, i'll create an account for u, to test the system....

thanxs.....Happy Holidays....


2006/12/23, Armin Arh <armin@pubbox.net>:
>
> On Sat, Dec 23, 2006 at 05:41:29PM -0300, Agus wrote:
> > Hi all.....i installed a freebsd 6 and i am going to use it as a server
> with
> > apache, ssh, ftp and other services....it is going to be of free
> access....u
> > register in my page your account (free) and i create an account for u in
> the
> > system....so i am trying to make it secure.....which setuid files should
> i
> > take the setuid bit off???
>
> Sounds interesting. Can i get an account? :)
> btw: do you care for a real email address? (see below)
>
> Giving the users shell access without a chroot environment is a potential
> danger, possible though.
> A plain BSD installation has several suid- bits set like for the 'passwd'
> program, 'su' and other. These can't be used to corrupt the system, so you
> should be safe.
> Nevertheless, special care has to be taken for all third party software,
> e.g. via the ports system.
>
> On my box i can't afford giving users shell access, because cpu cycles
> are a rare resource (OSes can be even freeze with naughty users).
> And then i have no expirience about enforcing resource limits...
>
> Another important point is:
> You may trust your users, but unauthorized access (someone else logs in)
> can arise if they do something wrong. Restricting them to cryptgraphically
> authenticated entrance is a good countermeasure.
>
> Armin
> --
> PUBBOX Postmaster + spam-killer. Free email addresses at
> http://pubbox.net/
>



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?fda61bb50612251820x335a666cj794686c17e3918ae>