Date: Mon, 25 Dec 2006 23:20:09 -0300 From: Agus <agus.262@gmail.com> To: "Armin Arh" <armin@pubbox.net> Cc: freebsd-questions <freebsd-questions@freebsd.org> Subject: Re: remove suid files question.... Message-ID: <fda61bb50612251820x335a666cj794686c17e3918ae@mail.gmail.com> In-Reply-To: <20061224013419.GE756@pubbox.net> References: <fda61bb50612231241w5c5ab2fr676481e7021f9428@mail.gmail.com> <20061224013419.GE756@pubbox.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Of course u can get an account......when i get the system connected and up....no problemm.... the web will be www.free-shells.com.ar; i'm still testing localy....when i start testing access with friends and people i know, i'll create an account for u, to test the system.... thanxs.....Happy Holidays.... 2006/12/23, Armin Arh <armin@pubbox.net>: > > On Sat, Dec 23, 2006 at 05:41:29PM -0300, Agus wrote: > > Hi all.....i installed a freebsd 6 and i am going to use it as a server > with > > apache, ssh, ftp and other services....it is going to be of free > access....u > > register in my page your account (free) and i create an account for u in > the > > system....so i am trying to make it secure.....which setuid files should > i > > take the setuid bit off??? > > Sounds interesting. Can i get an account? :) > btw: do you care for a real email address? (see below) > > Giving the users shell access without a chroot environment is a potential > danger, possible though. > A plain BSD installation has several suid- bits set like for the 'passwd' > program, 'su' and other. These can't be used to corrupt the system, so you > should be safe. > Nevertheless, special care has to be taken for all third party software, > e.g. via the ports system. > > On my box i can't afford giving users shell access, because cpu cycles > are a rare resource (OSes can be even freeze with naughty users). > And then i have no expirience about enforcing resource limits... > > Another important point is: > You may trust your users, but unauthorized access (someone else logs in) > can arise if they do something wrong. Restricting them to cryptgraphically > authenticated entrance is a good countermeasure. > > Armin > -- > PUBBOX Postmaster + spam-killer. Free email addresses at > http://pubbox.net/ >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?fda61bb50612251820x335a666cj794686c17e3918ae>