FreeBSD Security Archives: Re: setuid revisited (was Re: From B

Re: setuid revisited (was Re: From BugTraq - FreeBSD 3.3 xsoldier root exploit (fwd) )


Subject: Re: setuid revisited (was Re: From BugTraq - FreeBSD 3.3 xsoldier root exploit (fwd) )
From: mika ruohotie (bsdsecshadows.aeon.net)
Date: Thu Dec 16 1999 - 17:06:17 CST


> >Even the main tree seems a bit permissive for some applications (in my
> >case, an ISP).
> Much of this is really that our install approach doesn't allow fine

[snip]

> > Similarly, I don't think my users need access to vmstat
> Probably not, but that depends on what you want to let your users do.

exactly.

i think it's not a good idea to make the default installation much too
restrictive. if one is about to use freebsd (or any other unix) as a
shell server, they have to harden the box anyway. and about everyone i
know in the "business" likes to do things slightly differently.

the default installation should leave the machine still _usable_
without assuming the user wishes to abuse root for everything.

personally, i'd much rather hang around as a user, and i _do_ use things
like vmstat _lots_ in my boxen. all of which only allow _very_ limited
access _into_ the machine.

sure, all kinds of installation options sound nice, but they might
be too hard to implement, especially since the audience for which
they'd be prefers mainly to do things _themselves_ without click&drool
gimmicks.

and i know things that i've just said have been repeated all over
this list, and other lists.

> Peter

mickey

-- 
company: SAUNALAHDEN SERVERI           >>>^<<<       Network Development
email: mika.ruohotiesaunalahti.fi       /?\         System Administrator
www: www.saunalahti.fi                   | |         
