From owner-freebsd-questions@FreeBSD.ORG Tue Dec 26 02:20:13 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 1584C16A415 for ; Tue, 26 Dec 2006 02:20:13 +0000 (UTC) (envelope-from agus.262@gmail.com) Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.188]) by mx1.freebsd.org (Postfix) with ESMTP id 9F99313C46D for ; Tue, 26 Dec 2006 02:20:12 +0000 (UTC) (envelope-from agus.262@gmail.com) Received: by nf-out-0910.google.com with SMTP id x37so4347599nfc for ; Mon, 25 Dec 2006 18:20:09 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; b=licLc0t8t2Xb3XSX5vMMnOC/k+GKmyiKxb+LKPM8A65Fk57f8L6eXROynIQ7GkjH/tJJ9lQM8+PvY1QSqvUorsse6BX/nCr+aLppMJDqQLdf+9x3oEZkcxXYs7GqtEjEkiAKf3A4mkoT0ec7Q7xqu1Mb2RFvF32O7TwlTK4Pfbs= Received: by 10.82.153.5 with SMTP id a5mr2541800bue.1167099609806; Mon, 25 Dec 2006 18:20:09 -0800 (PST) Received: by 10.82.191.20 with HTTP; Mon, 25 Dec 2006 18:20:09 -0800 (PST) Message-ID: Date: Mon, 25 Dec 2006 23:20:09 -0300 From: Agus To: "Armin Arh" In-Reply-To: <20061224013419.GE756@pubbox.net> MIME-Version: 1.0 References: <20061224013419.GE756@pubbox.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-questions Subject: Re: remove suid files question.... X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Dec 2006 02:20:13 -0000 Of course u can get an account......when i get the system connected and up....no problemm.... the web will be www.free-shells.com.ar; i'm still testing localy....when i start testing access with friends and people i know, i'll create an account for u, to test the system.... thanxs.....Happy Holidays.... 2006/12/23, Armin Arh : > > On Sat, Dec 23, 2006 at 05:41:29PM -0300, Agus wrote: > > Hi all.....i installed a freebsd 6 and i am going to use it as a server > with > > apache, ssh, ftp and other services....it is going to be of free > access....u > > register in my page your account (free) and i create an account for u in > the > > system....so i am trying to make it secure.....which setuid files should > i > > take the setuid bit off??? > > Sounds interesting. Can i get an account? :) > btw: do you care for a real email address? (see below) > > Giving the users shell access without a chroot environment is a potential > danger, possible though. > A plain BSD installation has several suid- bits set like for the 'passwd' > program, 'su' and other. These can't be used to corrupt the system, so you > should be safe. > Nevertheless, special care has to be taken for all third party software, > e.g. via the ports system. > > On my box i can't afford giving users shell access, because cpu cycles > are a rare resource (OSes can be even freeze with naughty users). > And then i have no expirience about enforcing resource limits... > > Another important point is: > You may trust your users, but unauthorized access (someone else logs in) > can arise if they do something wrong. Restricting them to cryptgraphically > authenticated entrance is a good countermeasure. > > Armin > -- > PUBBOX Postmaster + spam-killer. Free email addresses at > http://pubbox.net/ >